Simple Authentication And Security Layer (SASL)
IETF73, Minneapolis, MN

Tuesday, November 18, 2008 at 1520-1720
=======================================

Chairs:

Tom Yu <tlyu@mit.edu>
Kurt Zeilenga <kurt.zeilenga@isode.com>

====================

Thanks to Alexey Melnikov for scribing.

Alexey Melnikov talks about SCRAM, describing five resolved issues.
Primary discussion of these issues revolves around whether SCRAM
mechanism names "import" from the IANA hash algorithm registry.

Discussion about modifying GS2 framing for easier implementation of
SCRAM.  Sam Hartman previously sent ABNF specifying three possible
alternatives for this framing.  Several opinions that option 3 is
best; no objections.  Suggestion to prepare examples of GS2+krb5 and
GS2+SCRAM to help readers understand the encoding.

Kurt has submitted an I-D (this morning!) proposing moving CRAM-MD5 to
Historic status, and updating its IANA registry entry to "OBSOLETE".
The intent is that the current WG document draft-ietf-sasl-crammd5
will be abandoned.  Several strong opinions that Kurt's document not
be published until SCRAM is published; no objections.  General
agreement that the IANA registry entry should continue to indicate
"LIMITED" usage and contain a reference to 2195 as well as Kurt's
document for security considerations.

Kurt talks about 4422bis.  Chris Newman questions if new document is
actually needed to progress 4422 to Draft Standard.  Normative
downrefs effectively require new text.

Action items:

* Tom - WGLC Kurt's document
* Alexey, Sam, et al. - update docs for GS2 encoding (and SCRAM)
* implementors - help write GS2 encoding examples

Milestones:

Nov 08 - Initial RFC4422 impl. report
Nov 08 - Reach consensus on CRAM-MD5 successor approach (and update
       	 milestones accordingly)
Dec 08 - WGLC RFC4422bis and implementation report I-D
Jan 09 - WGLC DIGEST-MD5 replacement I-D
Jan 09 - WGLC GS2 I-D