Bug#402814: cyrus-imapd-2.2: Inadequate documentation of 'sasl_minimum_layer'

Michael Richters merlin at gedankenlabs.org
Thu Dec 14 19:23:09 CET 2006


On Thu, Dec 14, 2006 at 05:45:45PM +0100, Sven Mueller wrote:
> Regarding the Documentation:
>
> sasl_minimum_layer really translates into min_ssf in libsasl2,
> sasl_maximum_layer into max_ssf of the same structure. What they do is
> documented in: /usr/share/doc/libsasl2/programming.html

What package does that file belong to?  It doesn't exist in libsasl2
version 2.1.22.dfsg1-7, or any other sasl package installed on my
system:

[root at geomancer:~]
# aptitude -F %p%25v search ~isasl
cyrus-sasl2-doc                                                       2.1.22.dfsg1-7
libsasl2                                                              2.1.22.dfsg1-7
libsasl2-2                                                            2.1.22.dfsg1-7
libsasl2-dev                                                          2.1.22.dfsg1-7
libsasl2-modules                                                      2.1.22.dfsg1-7
libsasl2-modules-gssapi-mit                                           2.1.22.dfsg1-7
sasl2-bin                                                             2.1.22.dfsg1-7

[root at geomancer:~]
# ls -l /usr/share/doc/libsasl2
total 48
-rw-r--r-- 1 root root  9346 Dec  8 03:23 changelog.Debian.gz
-rw-r--r-- 1 root root 28789 May 19  2006 changelog.gz
-rw-r--r-- 1 root root  2069 Dec  8 03:23 copyright


> Actually, the documentation available in cyrus-imapd is almost all there
> is to know:
> a layer of 0 doesn't ensure anything
> a layer of 1 provides integrity protection
> any higher level ensures some sort of encryption. The example given in
> sasl documentation is 56-bit DES encryption providing an SSF (security
> strength factor) of 56.
>
> Perhaps someone else can put this in more documentation-like words and
> add it to our manpages, READMEs or so.


In my frustration, I may have exaggerated the deficiency of this bit
of documentation, but I still maintain that it is inadequate (and that
there is no such example in the documentation).

First, I'm not sure what is meant by "integrity protection".

Second, "some sort of encryption" is far too vague.  Not all sorts of
encryption are equivalent, and since no values are translated into
meanings, I have no idea what number to use in my config file if I do
want to allow some sorts of encryption, but not others.


  --Mike



