[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Poll: use of TLS channel bindings in SCRAM

To: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>
Subject: Re: Poll: use of TLS channel bindings in SCRAM
From: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>
Date: Thu, 28 May 2009 18:25:03 -0700
Cc: SASL WG <ietf-sasl@xxxxxxx>
In-reply-to: <4A1F06CF.80505@xxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <4A1F06CF.80505@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx

I hereby cancel the WGLC on this document as it is reasonably clearthat a lack of consensus exists as to the publication of the I-D as itcurrently reads. I also intend to defer the WGLC on the GS2 document.

I encourage the WG to respond to this poll. The chairs will determineWG consensus of responses, including comments, including discussionsnot restricted to the variants listed. The chairs will also consideroff-list comments. (Participants are of course free to reachindependent conclusions of the responses they are aware of, howeverthe chairs have not and will not delegated their RFC 2418responsibilities in this area.)


-- Kurt, as co-chair

On May 28, 2009, at 2:49 PM, Alexey Melnikov wrote:

I've discussed channel bindings with Nico in jabber and we agreedthat we need to get WG consensus on how TLS channel bindings shouldbe used with SCRAM.Please provide an orded list of alternatives you find acceptablefrom the choices listed below. (Please restrict discussions ofvariants of these choices at the moment. I will do another poll onsuch choices later, depending on the outcome of this poll. Also,please read notes for the choices before answering). Please answerthe poll by the end of June 7th.
1). SCRAM should just use a single allowed TLS channel binding anddon't have any negotiation of other TLS channel bindings (*) (**)
a). the default is tls-unique
b). the default is tls-server-end-point
2). SCRAM should just use tls-server-end-point, fallback to tls-unique, no negotiation of other TLS channel bindings (*)
3). SCRAM should always use channel binding negotiation (*)
4). SCRAM should have a default TLS channel binding with optionalnegotiation of TLS channel bindings (*)
a). the default is tls-unique
b). the default is
5). I have another opinion [this is for the case when there is somevalid choice which you think should be considered by the WG]
Notes:
(*) - whether such negotiation happens inside or outside of SCRAM
(**) - channel binding negotiation can be added later on

Follow-Ups:
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Alexey Melnikov
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams

References:
- Poll: use of TLS channel bindings in SCRAM
  - From: Alexey Melnikov

Prev by Date: Re: Poll: use of TLS channel bindings in SCRAM
Next by Date: Re: Poll: use of TLS channel bindings in SCRAM
Previous by thread: Re: Poll: use of TLS channel bindings in SCRAM
Next by thread: Re: Poll: use of TLS channel bindings in SCRAM
Index(es):
- Date
- Thread