Dan Harkins wrote: > A "clear-text" password will have to be sent "in the tunnel" because > otherwise authentication would not be possible!
There are many authentication protocols which do not require the sending of a clear-text password. CHAP, MS-CHAP, EKE, SRP, or your own proposal. So I'm a little surprised that you think authentication can happen only via sending a clear-text password. Your suggested text permits the tunneled protocol to support *only* one of these other methods, and to *not* support sending of a clear-text password. For reasons I gave before, we cannot standardize on a tunneled protocol that fails to support clear-text passwords. I welcome text to clarify the security requirements. But I am opposed to removing the stated requirement for clear-text passwords. Everything else we've discussed is secondary to that point. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu