[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: BEEP session tuning
> I'm confused about BEEP session tuning in the SACRED protocol, and I'm
> hoping someone can set me straight. Section 4.1 of RFC 3080 says:
> Note that SASL may provide both user authentication and transport
> security. Once transport security is successfully negotiated for a
> BEEP session, then a SASL security layer must not be negotiated;
> similarly, once any SASL negotiation is successful, a transport
> security profile must not begin its underlying negotiation process.
> To me, that says you can't tune with both http://iana.org/beep/TLS and
> http://iana.org/SASL/DIGEST-MD5 as suggested in section 3.1 of
> draft-ietf-sacred-protocol-bss-09.txt. Am I misreading that paragraph
> of RFC 3080?
You can't use DIGEST-MD5 for a security layer (having previously set up
TLS), meaning you can't use it to do integrity/confidentiality protection
of the data stream. But you can use it for authentication. These are
separate features in SASL mechanisms, generally.
- RL "Bob"