Simon Josefsson wrote:
If you are referencing the GS1, why do you have "-"? If not, why is it quoted?
Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
- The abstract needs to say a little more...
I've changed it to:
<t>This document describes how to use a Generic Security Service Application Program Interface (GSS-API) mechanism in the Simple Authentication and Security Layer (SASL) framework. This is done by defining a new SASL mechanism family, called GS2. The mechanism family uses the SASL mechanism negotiation to select the GSS-API mechanism, offers reduced number of round-trips over the earlier Kerberos V5-specific "GSS-API" mechanism, and supports channel bindings that improve efficiency when the mechanism is used in a secure channel.</t>
Comments?
Looks good otherwise. [...]
- Section 4.2, second paragraph. As with SASL/GS1 we need to decide whether SASL/GS2 is limited to host-based names, or whether that's just what is required for interop. We need to decide what we want to do w.r.t. SASL and GSS-API name types other than GSS_C_NT_HOSTBASED_SERVICE. I propose moving the instructions on how the targ_name is obtained into a separate paragraph and saying that host-based naming is a REQUIRED to implement feature, but not actually requiring use of host-based naming in all circumstances (which the current prescriptive text can be read to imply).
I like the suggestion, but I can't propose any text at the moment.
Suggestions? I'm not really sure about these details.