[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Considerations

To: James M Snell <jasnell@xxxxxxxxx>
Subject: Re: Security Considerations
From: Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 03 Aug 2006 08:57:29 -0700
Cc: Robert Sayre <sayrer@xxxxxxxxx>, Brian E Carpenter <brc@xxxxxxxxxxxxxx>, "Roy T. Fielding" <fielding@xxxxxxxx>, Sam Hartman <hartmans-ietf@xxxxxxx>, Lisa Dusseault <lisa@xxxxxxxxxxxxxxxxx>, atom-protocol Protocol <atom-protocol@xxxxxxx>, IESG IESG <iesg@xxxxxxxx>
In-reply-to: Your message of "Thu, 03 Aug 2006 08:54:44 PDT." <44D21C44.1020701@xxxxxxxxx>
List-archive: <http://www.imc.org/atom-protocol/mail-archive/>
List-id: <atom-protocol.imc.org>
List-unsubscribe: <mailto:atom-protocol-request@imc.org?body=unsubscribe>
Sender: owner-atom-protocol@xxxxxxxxxxxx

Apparently I wasn't clear. I meant what if my implementation *only* supports
my new mechanism. I.e., I couldn't interoperate securely with someone who
did Basic/TLS.

-Ekr

James M Snell <jasnell@xxxxxxxxx> wrote:
> Robert likely has his own opinions on this question, but so long as
> implementations were capable of being extended/configured to support the
> new mechanism, yes. The problem is really not that different from any
> other extensibility problem.
> 
> - James
> 
> Eric Rescorla wrote:
> > [snip]
> > So, I'm not sure what this text is supposed to mean.
> > 
> > Let's try working by example: if I defined a new (stipulated secure)
> > challenge-response mechanism based on GMAC and used that as my
> > authentication mechanism, would you consider my implementation
> > conformant?
> > 
> > -Ekr
> > 
> >

Follow-Ups:
- Re: Security Considerations
  - From: Lisa Dusseault
- Re: Security Considerations
  - From: Robert Sayre
- Re: Security Considerations
  - From: James M Snell

References:
- Re: Security Considerations
  - From: James M Snell

Prev by Date: Re: Security Considerations
Next by Date: Re: Security Considerations
Previous by thread: Re: Security Considerations
Next by thread: Re: Security Considerations
Index(es):
- Date
- Thread