
Re: [CHANNEL-BINDING] Re: draft-ietf-sasl-gs2 AD review comments



On Thu, 11 Oct 2007, Nicolas Williams wrote:

> On Thu, Oct 11, 2007 at 01:28:07PM -0400, Jeffrey Hutzelman wrote:
> > This sort of assumes that the "obvious" thing to do is prefix the name to
> > the data, rather than treating them separately.  That assumption seems
> > flawed to me, and the source of much confusion.
>
> Did you miss this part of my reply to Sam:
>
> Nico> I propose the following addition to that requirement:  "Where the
> Nico> authentication interfaces provide a slot for channel binding data but no
> Nico> slot for channel binding type, then the application MUST prefix the
> Nico> US-ASCII name of the channel binding type ("prefix"), and a separator
> Nico> character, ':', to the channel binding data an octet string."

I saw that; I just forgot to say anything.  That basically sounds like my
option (2).  I think that's probably sufficient.  Simon?

-- Jeff