On May 28, 2009, at 1:38 PM, Nicolas Williams wrote:
> On Thu, May 28, 2009 at 10:39:00PM +0200, Simon Josefsson wrote:
> > Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
> > > Simon has submitted an I-D for the purpose of publishing these as RFCs:
> > > draft-josefsson-sasl-tls-cb-01 (which I've not yet reviewed).
> >
> > The goal with that document was to offer another channel binding
> > construct, based on the TLS PRF. My document does not describe
> > Microsoft's channel binding types, which are based on the TLS Finished
> > message.
>
> We don't need alternatives.
But aren't alternatives just something we have to live with given the RFC 5056 IANA Considerations?
I think we need to be careful of specifications that assume that there will be one and only one unique channel binding type, or one and only one server, client, or dual end-point channel binding type, for a particular kind of channel. We already have two unique bindings for TLS registered (though one claims to be specific to TELNET, nothing seems to preclude its use outside of TELNET), and then Simon's. And you have noted that one could define TLS server end-point channel binding types that only identified the server's name.
-- Kurt