[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Optimizing use of SASL/GS2 over TLS

To: tls@xxxxxxxx
Subject: Optimizing use of SASL/GS2 over TLS
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Fri, 10 Apr 2009 17:06:39 -0500
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Reply-to: tls@xxxxxxxx
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Mutt/1.5.7i

[Note: SASL and KITTEN WGs are Bcc'ed.]

I've submitted an I-D describing how to reduce the number of round trips
needed for SASL/GS2 mechanism negotiation and authentication when
running over TLS:

    draft-williams-tls-app-sasl-opt-01.txt

This can be seen as a variant of the TLS/GSS proposal from a while back
as it achieves the same result: you can use the GSS-API for
authentication _and_ TLS for session protection without having to pay a
round trip penalty.  But it does it in a slightly different and simpler
way.

I'm hoping this proposal will be less controversial than the TLS/GSS
proposal.

Comments?

Nico
--

Prev by Date: Never mind (Re: Protecting the mech negotiation in GS2)
Previous by thread: I-D Action:draft-ietf-sasl-channel-bindings-00.txt
Index(es):
- Date
- Thread