Daniel Pocock <[email protected]> writes:

> On 12/03/2012 13:55, Simon Josefsson wrote:
>>
>> Using PLAIN requires no changes on the wire, but I think it will work
>> fairly poorly in practice: most clients cache the password and some even
>> open multiple connections, all based on that cached password. It is
>> likely to lead to many authentication failure problems. A separate SASL
>> mechanism for OTP is likely to lead to better user interfaces in client
>> applications. I actually worked on a specification for this a year ago:
>>
>> https://tools.ietf.org/html/draft-josefsson-kitten-crotp-00
>
> I agree with those comments, and I came across your draft after sending
> the email to the list, it is very close to what I had in mind

Great. Exim recently got GNU SASL support in a development branch, so it
could be used for testing in a more real-world environment. I'm looking
at getting a test environment for that up and running to be able to test
new SASL mechanisms more easily...

>> What do you think? My lack of further work in this area has mostly been
>> because of limited feedback and deployment opportunities. If you have
>> have some users that could beta test something like this, that would
>> help.
>
> I'm approaching it from a different angle: I just want to make dynalogin
> into a form that works for one or two purposes (e.g. OpenID is working,
> and SASL, RADIUS or PAM would not be too hard), get it into some of the
> main Linux distributions, and then see the response from people who
> deploy it
>
> That is why I asked you about having liboath in Debian at the very
> beginning, and having modularisation and callbacks so that our code
> works together: I think it is a good way to get a lot of users and get
> some practical feedback, the projects will hopefully attract a community
> and people will do stuff with it that neither of us has anticipated

Yep I agree. What do you see should be done here? Implementing CROTP is
a start, but a bit speculative without any real use-case or interest
from actual users. I've been burned before implementing early IETF
drafts (even my own :-)) so I need something to motivate me to work on
it.

/Simon
