[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: which is our DIGEST-MD5 successor?

To: Simon Josefsson <simon@xxxxxxxxxxxxx>
Subject: Re: which is our DIGEST-MD5 successor?
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Tue, 18 Mar 2008 17:05:46 -0500
Cc: Jeffrey Hutzelman <jhutz@xxxxxxx>, Chris Newman <Chris.Newman@xxxxxxx>, Tom Yu <tlyu@xxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <87r6e766x2.fsf@xxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Mail-followup-to: Simon Josefsson <simon@xxxxxxxxxxxxx>, Jeffrey Hutzelman <jhutz@xxxxxxx>, Chris Newman <Chris.Newman@xxxxxxx>, Tom Yu <tlyu@xxxxxxx>, ietf-sasl@xxxxxxx
References: <> <Pine.LNX.4.33L.0803121328180.3634-100000@xxxxxxxxxxxxxxxxxxxxx> <87r6e766x2.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Mutt/1.5.7i

On Tue, Mar 18, 2008 at 10:47:37PM +0100, Simon Josefsson wrote:
> Jeffrey Hutzelman <jhutz@xxxxxxx> writes:
> > I'm seeing an awful lot of "GS2 is going to make the wire encoding more
> > complicated!  It's binary; binary is always complicated!" and similar FUD.
> > I really wish people would stop spreading that, RIGHT NOW, and go actually
> > read (or re-read) the documents in question.
> 
> For GS2, I think binary isn't an unreasonable choice, and I agree with
> you.  I also think that there is some merit to having textual protocols,
> and I think making our DIGEST-MD5 successor textual would be nice.

There's very little binary anything in GS2:

 - two 32-bit unsigned network byte order lengths
 - another 32-bit quantity: maxbuf for security layers
 - a pair of one-byte flags for security layer and channel-binding
   negotiation
 - the actual GSS-API mechanism tokens in the authentication exchanges

Base64-encoding the GSS tokens would allow us to get rid of those two
lengths; the flags and the maxbuf can be expressed textually.

The GSS tokens in the _security layers_ would not need to be base64-
encoded -- that stuff (like the application plain-text) can be binary
and noone will mind.

Nico
--

Follow-Ups:
- Re: which is our DIGEST-MD5 successor?
  - From: Jeffrey Hutzelman
- Re: which is our DIGEST-MD5 successor?
  - From: Simon Josefsson

References:
- Re: which is our DIGEST-MD5 successor?
  - From: Chris Newman
- Re: which is our DIGEST-MD5 successor?
  - From: Jeffrey Hutzelman
- Re: which is our DIGEST-MD5 successor?
  - From: Simon Josefsson

Prev by Date: Re: which is our DIGEST-MD5 successor?
Next by Date: Re: which is our DIGEST-MD5 successor?
Previous by thread: Re: which is our DIGEST-MD5 successor?
Next by thread: Re: which is our DIGEST-MD5 successor?
Index(es):
- Date
- Thread