The document states a clear requirement: the tunneled method MUST be capable of sending clear-text passwords in the tunnel.
You agree that the attacks against this requirement are adequately covered by existing text in the document: http://www.ietf.org/mail-archive/web/emu/current/msg01327.html However, you then suggest your text as a "more accurate" definition of the requirements. I have asked for clarification as to why your text is better, and received (a) repetitions of the same text, and (b) suggestions to go read your previous messages. Your text removes the requirement to send a clear-text password in a tunnel. I am therefore opposed to it, for reasons I have outlined earlier. I understand that you find your text more specific than the current text in the document. I do not. Alan DeKok. _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
