Re: gs2 and qop
On Thu, Sep 07, 2006 at 04:33:21PM +0200, Simon Josefsson wrote:
> Sam Hartman <hartmans-ietf@xxxxxxx> writes:
> > Why do you negotiate qop?
>
> All SASL mechanisms that support security layers negotiate qop,
> including GSSAPI and DIGEST-MD5. Further, GS2 can use channel
> bindings to avoid another security layer, so it actually negotiates
> two qop's; one qop if the channel binding succeeds and another qop if
> the channel binding does not succeed.
"QoP" may mean different things here in the contexts of SASL and the
GSS-API. In the SASL context it seems to be synonymous with "security
layer." Whereas in the GSS-API context it means something much more
akin to SASL's "SSF" (but not quite).
GS2 does NOT negotiate GSS-API QoPs -- it should always use the default
GSS-API QoP (0).
Nico
--
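An added illustration, not part of the thread and not the GS2 wire encoding: a small Python model of the two-outcome negotiation Simon describes, where the client offers one SASL security-layer choice for the case in which the server confirms the channel binding and another for the case in which it does not, while the GSS-API QoP is never negotiated and stays at the default (0), as Nico states. The Offer structure, the Layer bit values, server_select(), strongest() and the 32-byte TLS_ENDPOINT_CB value are all assumptions made for this example.

```python
"""Toy model of a GS2-style two-way security-layer negotiation.

Added example: the structures here are hypothetical and do not match the
real GS2 header or the GSS-API. They only show the decision logic:
 - the SASL "security layer" choice depends on whether channel binding holds,
 - the GSS-API QoP is fixed at the default (0) and never negotiated.
"""
import hmac
from dataclasses import dataclass
from enum import IntFlag
from typing import Optional, Tuple


class Layer(IntFlag):
    """SASL security-layer bits, modelled on the GSSAPI/DIGEST-MD5 style."""
    NONE = 1
    INTEGRITY = 2
    CONFIDENTIALITY = 4


GSS_C_QOP_DEFAULT = 0   # the only GSS-API QoP the reply says GS2 should use


@dataclass
class Offer:
    """Client proposal (hypothetical structure for this illustration)."""
    cb_data: Optional[bytes]    # channel binding the client derived, None if it has none
    layers_if_cb_ok: Layer      # layers acceptable when the server confirms the binding
    layers_if_cb_fail: Layer    # layers acceptable when the binding fails or is absent


def strongest(mask: Layer) -> Layer:
    """Pick the strongest layer present in the mask; error if the mask is empty."""
    for candidate in (Layer.CONFIDENTIALITY, Layer.INTEGRITY, Layer.NONE):
        if mask & candidate:
            return candidate
    raise ValueError("no common security layer")


def server_select(offer: Offer, server_cb: bytes,
                  server_allowed: Layer) -> Tuple[bool, Layer, int]:
    """Return (channel binding verified?, chosen SASL layer, GSS-API QoP).

    The binding is compared in constant time against the server's own view
    of the channel. A mismatch (or no binding at all) means the client may
    not be talking to this server directly, so the fallback layer set is used.
    """
    cb_ok = offer.cb_data is not None and hmac.compare_digest(offer.cb_data, server_cb)
    wanted = offer.layers_if_cb_ok if cb_ok else offer.layers_if_cb_fail
    chosen = strongest(wanted & server_allowed)   # raises if nothing overlaps
    return cb_ok, chosen, GSS_C_QOP_DEFAULT


# Constructed sample value standing in for a TLS endpoint channel binding.
TLS_ENDPOINT_CB = bytes(range(32))

# Client policy: if the binding holds, the outer TLS session already protects
# the traffic, so no SASL layer is wanted; otherwise demand confidentiality.
CLIENT_OFFER = Offer(
    cb_data=TLS_ENDPOINT_CB,
    layers_if_cb_ok=Layer.NONE,
    layers_if_cb_fail=Layer.CONFIDENTIALITY,
)

if __name__ == "__main__":
    allowed = Layer.NONE | Layer.INTEGRITY | Layer.CONFIDENTIALITY
    # Binding matches: no extra layer, QoP stays 0.
    print(server_select(CLIENT_OFFER, TLS_ENDPOINT_CB, allowed))
    # Binding does not match (e.g. a TLS terminator in the path): fall back.
    print(server_select(CLIENT_OFFER, bytes(32), allowed))
```

The point the model makes explicit is that the only thing that varies with the channel-binding outcome is the SASL layer; the third element of the result, the GSS-API QoP, is the same constant on every path.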