Re: Holding gs2
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
Nicolas> On Tue, Jan 29, 2008 at 12:16:36PM -0700, Chris Newman
Nicolas> wrote:
>> Speaking as a technical participant only...
>>
>> As a SASL implementer, it is my current intention to not
>> implement the "security layer" feature of SASL. If I implement
>> GS2, my implementation will always negotiate the GS2 security
>> layer off and will use SSL/TLS channel bindings if there's any
>> reasonable way I can get that working with the Mozilla/NSS
>> library.
Nicolas> Most SASL apps have StartTLS or TLS port options. I'm
Nicolas> inclined to believe that most SASL implementors would
Nicolas> prefer to just do channel binding to TLS when you want
Nicolas> security layers.
Nicolas> So I'm now inclined to believe that Sam is right: we may
Nicolas> have gone overboard with GS2.
Sam is horribly confused here. In particular Nico seems to believe
I'm worried that you have to implement MIC tokens in pure SASL
mechanisms. I don't think I've expressed that worry.
I think Nico is reading objections I've never made into my statements.