
Re: WG Last Call: draft-ietf-sasl-gs2-02.txt



On Wed, Sep 06, 2006 at 02:41:45PM +0100, Alexey Melnikov wrote:
> Nicolas Williams wrote:
> >I see no value in the server verifying that client_maxbuf == 0 when the
> >client doesn't ask for any security layers.
> >
> >Also, even with no security layers the application may benefit from the
> >SASL mechanism maxbuf negotiation (again, think of small devices).
> > 
> >
> No, when there is no SASL security layer there is no SASL framing. And 
> SASL maxbuf has no effect on TCP.

I was hoping that the maxbuf value would be of use to applications that
want no security layers.  That if an application does the equivalent of,
in Cyrus SASL terms,

	unsigned int len = 4096;
	...
	/*
	 * Note: Cyrus SASL doesn't allow setting this property, only
	 * getting it
	 */
	sasl_setprop(..., SASL_MAXOUTBUF, &len);

then its peers might want to know, even when using no security layers.

But I see now that this is really not quite a good thing, that the
application ought to negotiate this on its own.

So I withdraw that comment, but I still see no value to the client or
server verifying that server_maxbuf == 0 or client_maxbuf == 0 when no
security layers are offered/requested.

Nico
--