[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gs2 and qop

To: Simon Josefsson <jas@xxxxxxxxxxx>
Subject: gs2 and qop
From: Sam Hartman <hartmans-ietf@xxxxxxx>
Date: Thu, 07 Sep 2006 10:21:33 -0400
Cc: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <87slj3sro7.fsf@xxxxxxxxxxxxxxxxxxx> (Simon Josefsson's message of "Thu, 07 Sep 2006 16:00:08 +0200")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <tslac6sm3v5.fsf@xxxxxxxxxx> <44CF1B96.5010404@xxxxxxxxx> <44EC6C24.7040300@xxxxxxxxx> <87zmde5zx8.fsf@xxxxxxxxxxxxxxxxxxx> <44FF1585.5060607@xxxxxxxxx> <87k64fubq6.fsf@xxxxxxxxxxxxxxxxxxx> <tslodtrx0qn.fsf@xxxxxxxxxx> <87slj3sro7.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

>>>>> "Simon" == Simon Josefsson <jas@xxxxxxxxxxx> writes:

    Simon> Sam Hartman <hartmans-ietf@xxxxxxx> writes:
    >> So, this is a bit complicated and perhaps the best thing is to
    >> decide that we just don't care about mechansims without
    >> integ_avail.

    Simon> For GS2, there is a downgrade attack of the quality of
    Simon> protection (at the SASL level) if the GSS-API mechanism
    Simon> doesn't provide integrity of GSS_Wrap tokens.  In general,
    Simon> that's probably not acceptable.


I clearly have not been paying enough attention to gs2.


Are you talking about gss-api level qop or sasl security layers?

Why do you negotiate qop?
Is that safe to do?
I thought qop values were implementation local.

Follow-Ups:
- Re: gs2 and qop
  - From: Simon Josefsson

References:
- AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Sam Hartman
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Alexey Melnikov
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Alexey Melnikov
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Alexey Melnikov
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Sam Hartman
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson

Prev by Date: Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
Next by Date: Re: gs2 and qop
Previous by thread: Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
Next by thread: Re: gs2 and qop
Index(es):
- Date
- Thread