[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gs2 and qop

To: Simon Josefsson <jas@xxxxxxxxxxx>
Subject: Re: gs2 and qop
From: Sam Hartman <hartmans-ietf@xxxxxxx>
Date: Thu, 07 Sep 2006 10:53:23 -0400
Cc: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <877j0fsq4u.fsf@xxxxxxxxxxxxxxxxxxx> (Simon Josefsson's message of "Thu, 07 Sep 2006 16:33:21 +0200")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <tslac6sm3v5.fsf@xxxxxxxxxx> <44CF1B96.5010404@xxxxxxxxx> <44EC6C24.7040300@xxxxxxxxx> <87zmde5zx8.fsf@xxxxxxxxxxxxxxxxxxx> <44FF1585.5060607@xxxxxxxxx> <87k64fubq6.fsf@xxxxxxxxxxxxxxxxxxx> <tslodtrx0qn.fsf@xxxxxxxxxx> <87slj3sro7.fsf@xxxxxxxxxxxxxxxxxxx> <tsl8xkvwydu.fsf_-_@xxxxxxxxxx> <877j0fsq4u.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

>>>>> "Simon" == Simon Josefsson <jas@xxxxxxxxxxx> writes:

    >> Are you talking about gss-api level qop or sasl security
    >> layers?

    Simon> SASL security layers.

I skip your answers to the rest of my questions because they assumed
you meant GSS QOP.

I'm failing to see the downgrade attack here though: if integ_avail is
false, you don't negotiate security layers.
Provided you enforce that what is the downgrade issue.

Some editorial comments on the draft:

In your examples you do separate parts of packets input to gss_wrap
with ,.  I'd suggest |.

You never clearly define that the qop values you talk about correspond
to the security layer stuff in section 9.

Follow-Ups:
- Re: gs2 and qop
  - From: Simon Josefsson

References:
- AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Sam Hartman
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Alexey Melnikov
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Alexey Melnikov
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Alexey Melnikov
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Sam Hartman
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson
- gs2 and qop
  - From: Sam Hartman
- Re: gs2 and qop
  - From: Simon Josefsson

Prev by Date: Re: gs2 and qop
Next by Date: Re: gs2 and qop
Previous by thread: Re: gs2 and qop
Next by thread: Re: gs2 and qop
Index(es):
- Date
- Thread