
Re: WG Last Call: draft-ietf-sasl-gs2-02.txt



Alexey Melnikov <alexey.melnikov@xxxxxxxxx> writes:

> Simon Josefsson wrote:
>
>>Alexey Melnikov <alexey.melnikov@xxxxxxxxx> writes:
>>  
>>
>>>>>And the text quoted above is followed by additional text which is not
>>>>>currently in GS2:
>>>>>
>>>>> Upon successful establishment of the security context and if the
>>>>> server used GSS_C_NO_NAME/GSS_C_NO_CREDENTIAL to create acceptor
>>>>> credential handle, the server SHOULD also check using the
>>>>> GSS_Inquire_context that the target_name used by the client matches:
>>>>>
>>>>> -  the GSS_C_NT_HOSTBASED_SERVICE "service@hostname" name syntax,
>>>>>    where "service" is the service name specified in the application
>>>>>    protocol's profile.
>>>>>
>>>>> When GSS_Accept_sec_context returns GSS_S_COMPLETE, the server
>>>>> examines the context to ensure that it provides a level of protection
>>>>> permitted by the server's security policy.
>>>>>          
>>>>>
>>>>Thanks, I added this, but changed the SHOULD into MUST, because
>>>>otherwise it seems we open up to a mitm.
>>>>      
>>>>
>>>No, the SHOULD is here because the server could have used a specific
>>>principal during GSS_Import_Name. In such a case there would be no need to
>>>do the check.
>>>    
>>>
>>The text applies only when GSS_C_NO_NAME and/or GSS_C_NO_CREDENTIAL
>>was used, and in that case I think the test is necessary.  Or is there
>>another reason to not do the test?
>>  
>>
> A server implementation can have some external knowledge about the
> principal that will be selected when GSS_C_NO_NAME and/or
> GSS_C_NO_CREDENTIAL is used. I guess this can be interpreted as
> compliance with the SHOULD?

Yes, that makes sense.  I reverted it to SHOULD.

Thanks,
Simon