Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
> On Mon, Sep 04, 2006 at 06:35:47PM +0100, Alexey Melnikov wrote:
>> Simon Josefsson wrote:
>> >Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
>> > <t>This document describes how to use a Generic Security Service
>> > Application Program Interface (GSS-API) mechanism in the
>> > Simple Authentication and Security Layer (SASL) framework. This
>> > is done by defining a new SASL mechanism family, called GS2. The
>> > mechanism family uses the SASL mechanism negotiation to select the
>> > GSS-API mechanism, offers a reduced number of round-trips over the
>> > earlier Kerberos V5-specific "GSS-API"
>> >
>> If you are referencing the GS1, why do you have "-"? If not, why is it
>> quoted?
>
> Yeah, be very careful with "GSSAPI" vs. "GSS-API" -- in the context of
> SASL the first means "the mistake that was made years ago when the name
> given the SASL mechanism corresponding to the GSS-API Kerberos V
> mechanism was "GSSAPI" and the latter means _the_ GSS-API (as in
> RFC2743).
The intention was to avoid confusion by spelling out "Kerberos
V5-specific" explicitly, but it seems that it didn't succeed.
> Also, there is no SASL mechanism negotiation as such -- SASL
> applications negotiate mechanisms on an ad-hoc basis (each app protocol
> specifies its own negotiations, usually based on the server listing its
> available mechanisms to the client prior to starting SASL).
Right.
> So the third sentence above needs to be re-written. I propose:
>
> This mechanism family offers a number of improvements over the
> previous SASL/GSS-API mechanism family: it is more general, uses
> fewer messages for the authentication phase in some cases, and
> supports a SASL-specific notion of channel binding.
There is no previous SASL/GSS-API mechanism family (the "GSSAPI" mech
isn't a mechanism family, in the RFC 4422 terminology), so I changed
the abstract into:
<t>This document describes how to use a Generic Security Service
Application Program Interface (GSS-API) mechanism in the
Simple Authentication and Security Layer (SASL) framework. This
is done by defining a new SASL mechanism family, called GS2. This
mechanism family offers a number of improvements over the previous
SASL/GSS-API mechanism: it is more general, uses fewer messages
for the authentication phase in some cases, and supports a
SASL-specific notion of channel binding.</t>
Thanks,
Simon