GS2 update

All:

I have submitted an updated version of GS2. Until it shows up in the
repository, you can view it from:

http://josefsson.org/sasl-gs2/draft-ietf-sasl-gs2-03.txt

I believe it closes all open issues, except for two that I have
requested help on before:

1) Compute Kerberos V5 mech name.
2) Support for non-integrity capable GSS mechanisms.

However, there have been many changes, and I may have missed some
suggestions. Please consider the latest version ready to go except
for the two issues above.

The first issue above should be easy to close fast if someone can
independently compute the GS2 mech name for Kerberos V5 OIDs. I'm
worried about the lack of response on this matter; it would be a
simple thing to resolve for anyone with interest in GS2. Does it
indicate that nobody is interested in and/or committed to GS2?

The second might warrant more discussion. I'd welcome text to solve
this, because I'm not sure how it should work, in particular with
regard to the integ_req flag. Personally, I see no point in
supporting non-integrity authentication mechanisms -- it seems to
weaken GS2, so I would rather drop the feature and have those
interested in weak authentication schemes specify their own SASL
mechanism. Further, nobody has presented a specific use-case for this
feature, so it seems to me to be feature creepism. However, text
proposals to resolve the problem are fine.

/Simon