Re: BEEP session tuning
> I'm confused about BEEP session tuning in the SACRED protocol, and I'm
> hoping someone can set me straight. Section 4.1 of RFC 3080 says:
>
> Note that SASL may provide both user authentication and transport
> security. Once transport security is successfully negotiated for a
> BEEP session, then a SASL security layer must not be negotiated;
> similarly, once any SASL negotiation is successful, a transport
> security profile must not begin its underlying negotiation process.
>
> To me, that says you can't tune with both http://iana.org/beep/TLS and
> http://iana.org/SASL/DIGEST-MD5 as suggested in section 3.1 of
> draft-ietf-sacred-protocol-bss-09.txt. Am I misreading that paragraph
> of RFC 3080?
You can't use DIGEST-MD5 for a security layer (having previously set up
TLS), meaning you can't use it to do integrity/confidentiality protection
of the data stream. But you can use it for authentication. These are
separate features in SASL mechanisms, generally.
- RL "Bob"
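
The distinction in the reply, shown as an added example that is not part of the original message or of any BEEP implementation: in DIGEST-MD5 the `qop` directive separates plain authentication (`auth`) from a security layer (`auth-int`, `auth-conf`), so a peer that has already tuned for TLS selects `auth` only. The `BeepTuning` class, its method names, the sample challenge and the "strongest layer first" policy without TLS are assumptions made for illustration.

```python
import re

# One directive: key=value, where value is a quoted string or a bare token.
_PAIR = re.compile(r'\s*([A-Za-z-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,"\s]+))\s*(?:,|$)')

def parse_challenge(challenge):
    """Split a DIGEST-MD5 digest-challenge into {directive: value}."""
    out, pos = {}, 0
    while pos < len(challenge):
        m = _PAIR.match(challenge, pos)
        if not m:
            raise ValueError("malformed challenge at offset %d" % pos)
        value = m.group(2) if m.group(2) is not None else m.group(3)
        out.setdefault(m.group(1).lower(), value)
        pos = m.end()
    return out

class BeepTuning:
    """Hypothetical tracker for tuning state on one BEEP session."""
    def __init__(self):
        self.tls_done = False    # transport security profile completed
        self.sasl_done = False   # any SASL negotiation completed

    def may_start_tls(self):
        # RFC 3080 section 4.1 as quoted: no transport security after SASL success.
        return not self.sasl_done

    def select_qop(self, challenge):
        # qop defaults to "auth" when the directive is absent.
        qop = parse_challenge(challenge).get("qop", "auth")
        offered = [q.strip() for q in qop.split(",")]
        if self.tls_done:
            # TLS is in place: authenticate only, never ask for a SASL layer.
            if "auth" not in offered:
                raise ValueError("only security-layer qop values offered after TLS")
            return "auth"
        # Assumed policy without TLS: strongest offered layer first.
        for q in ("auth-conf", "auth-int", "auth"):
            if q in offered:
                return q
        raise ValueError("no recognised qop offered")

# Constructed sample challenge, not captured traffic.
SAMPLE = ('realm="example.org",nonce="OA6MG9tEQGm2hh",'
          'qop="auth,auth-conf",charset=utf-8,algorithm=md5-sess')

if __name__ == "__main__":
    session = BeepTuning()
    session.tls_done = True
    print(session.select_qop(SAMPLE))
```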