[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gs2 and qop

To: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>
Subject: Re: gs2 and qop
From: Simon Josefsson <jas@xxxxxxxxxxx>
Date: Mon, 11 Sep 2006 13:44:42 +0200
Cc: Nicolas Williams <Nicolas.Williams@xxxxxxx>, Sam Hartman <hartmans-ietf@xxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <45016601.2080605@xxxxxxxxx> (Alexey Melnikov's message of "Fri\, 08 Sep 2006 13\:45\:53 +0100")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <87zmde5zx8.fsf@xxxxxxxxxxxxxxxxxxx> <44FF1585.5060607@xxxxxxxxx> <87k64fubq6.fsf@xxxxxxxxxxxxxxxxxxx> <tslodtrx0qn.fsf@xxxxxxxxxx> <87slj3sro7.fsf@xxxxxxxxxxxxxxxxxxx> <tsl8xkvwydu.fsf_-_@xxxxxxxxxx> <877j0fsq4u.fsf@xxxxxxxxxxxxxxxxxxx> <tsl4pvjwwws.fsf@xxxxxxxxxx> <87u03jr8fi.fsf@xxxxxxxxxxxxxxxxxxx> <tslejunvexm.fsf@xxxxxxxxxx> <20060907171255.GG317@xxxxxxxxxxxxxxxxxxxxx> <45016601.2080605@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)

Alexey Melnikov <alexey.melnikov@xxxxxxxxx> writes:

> Nicolas Williams wrote:
>
>>If we allow use of GSS-API mechanisms that don't offer integrity
>>protection then:
>>
>>a) GS2 has to be modified so the client sends the authzid without
>>   wrapping;
>>  
>>
> Why does this matter?

Mechanisms that doesn't provide integrity likely won't support the
GSS_Wrap function.

If integ_avail isn't set, GS2 would have to use another token to
transfer the authorization identity, it can't use GSS_Wrap.  The
maxbuf, channel binding and SASL qop fields are not relevant in this
case, leaving only the authorization identity.

/Simon

Follow-Ups:
- Re: gs2 and qop
  - From: Alexey Melnikov

References:
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Alexey Melnikov
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Sam Hartman
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson
- gs2 and qop
  - From: Sam Hartman
- Re: gs2 and qop
  - From: Simon Josefsson
- Re: gs2 and qop
  - From: Sam Hartman
- Re: gs2 and qop
  - From: Simon Josefsson
- Re: gs2 and qop
  - From: Sam Hartman
- Re: gs2 and qop
  - From: Nicolas Williams
- Re: gs2 and qop
  - From: Alexey Melnikov

Prev by Date: Re: gs2 and qop
Next by Date: Re: gs2 and qop
Previous by thread: Re: gs2 and qop
Next by thread: Re: gs2 and qop
Index(es):
- Date
- Thread