[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: which is our DIGEST-MD5 successor?

To: Jeffrey Hutzelman <jhutz@xxxxxxx>
Subject: Re: which is our DIGEST-MD5 successor?
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Tue, 18 Mar 2008 23:23:37 +0100
Cc: Chris Newman <Chris.Newman@xxxxxxx>, Tom Yu <tlyu@xxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <20080318220545.GQ16998@xxxxxxx> (Nicolas Williams's message of "Tue, 18 Mar 2008 17:05:46 -0500")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <> <Pine.LNX.4.33L.0803121328180.3634-100000@xxxxxxxxxxxxxxxxxxxxx> <87r6e766x2.fsf@xxxxxxxxxxxxxxxxxxx> <20080318220545.GQ16998@xxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:

> On Tue, Mar 18, 2008 at 10:47:37PM +0100, Simon Josefsson wrote:
>> Jeffrey Hutzelman <jhutz@xxxxxxx> writes:
>> > I'm seeing an awful lot of "GS2 is going to make the wire encoding more
>> > complicated!  It's binary; binary is always complicated!" and similar FUD.
>> > I really wish people would stop spreading that, RIGHT NOW, and go actually
>> > read (or re-read) the documents in question.
>> 
>> For GS2, I think binary isn't an unreasonable choice, and I agree with
>> you.  I also think that there is some merit to having textual protocols,
>> and I think making our DIGEST-MD5 successor textual would be nice.
>
> There's very little binary anything in GS2:
>
>  - two 32-bit unsigned network byte order lengths
>  - another 32-bit quantity: maxbuf for security layers
>  - a pair of one-byte flags for security layer and channel-binding
>    negotiation
>  - the actual GSS-API mechanism tokens in the authentication exchanges
>
> Base64-encoding the GSS tokens would allow us to get rid of those two
> lengths; the flags and the maxbuf can be expressed textually.

That is true, and getting rid of the length fields would be neat.  But
if we are holding GS2, I suspect GS2 will be radically different when/if
brought back from its zombie state.  I'm not sure it makes sense to
spend time at this point to re-work the protocol for a technically small
change like this, when we may be doing larger changes later on.

/Simon

Follow-Ups:
- Re: which is our DIGEST-MD5 successor?
  - From: Nicolas Williams

References:
- Re: which is our DIGEST-MD5 successor?
  - From: Chris Newman
- Re: which is our DIGEST-MD5 successor?
  - From: Jeffrey Hutzelman
- Re: which is our DIGEST-MD5 successor?
  - From: Simon Josefsson
- Re: which is our DIGEST-MD5 successor?
  - From: Nicolas Williams

Prev by Date: Re: which is our DIGEST-MD5 successor?
Next by Date: Re: which is our DIGEST-MD5 successor?
Previous by thread: Re: which is our DIGEST-MD5 successor?
Next by thread: Re: which is our DIGEST-MD5 successor?
Index(es):
- Date
- Thread