Re: Poll: use of TLS channel bindings in SCRAM
Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
> After much discussion with Jeff H. and, separately, Sam H., I think the
> following proposal is likely to be simple enough to garner consensus and
> yet flexible enough to let us adapt to future conditions. The proposal:
Nico convinced me about this proposal in jabber, and we fleshed out the
changes that will be needed in GS2 to implement this. This has to be
reflected in SCRAM as well. The changes can be summarized into:
1) Add text to say that with 'p' one cb type name is included (normally
tls-unique)
2) Add text to say that with 'y' a list of cb type names supported by
the client is included
3) Add text to say that if a server doesn't understand the cb type,
authentication fails.
4) The text from Nico's e-mail (clients and servers MUST support
tls-unique, clients SHOULD choose tls-unique, ...)
I have converted the above into text changes for GS2, and you can review
the result in:
http://josefsson.org/sasl-gs2/draft-ietf-sasl-gs2.txt
http://josefsson.org/sasl-gs2/draft-ietf-sasl-gs2.html
The diff against -13 is in:
http://josefsson.org/sasl-gs2/draft-ietf-sasl-gs2-from--13.diff.html
Check the examples; they are updated and hopefully give you a quick idea
of what the protocol will look like.
Thoughts?
/Simon