[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Holding gs2
>>>>> "Simon" == Simon Josefsson <simon@xxxxxxxxxxxxx> writes:
Simon> Sam Hartman <hartmans-ietf@xxxxxxx> writes:
>> I have a question for the SASL working group. With the
>> exception of the question I brought up about optimal round
Simon> I fear this would delay GS2 implementations for Kerberos
Simon> V5, which would give us useful feedback on other aspects of
Simon> the document.
Are there any implementers of SASL or Kerberos stacks who plan to delay?
Simon> How about a compromise: publish GS2 soon but specify that
Simon> it is ONLY to be used with Kerberos V5, i.e., the
Simon> GS2-QLJHGJLWNPLMQRNK mechanism. This will lead to
Simon> implementation experience for this particular use of GS2,
Simon> while making it possible to make changes that are relevant
Simon> for non-Kerberos mechanisms, when such experience has
Simon> established itself.
I think this is a really bad idea. It could get us into a situation
where we have three standards for kerberos and SASL. Or where we have
mechanisms that you should not use with GS2 other than negotiation
mechanisms. That seems like a bad idea to me.