[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Poll: use of TLS channel bindings in SCRAM

To: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>
Subject: Re: Poll: use of TLS channel bindings in SCRAM
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Fri, 29 May 2009 15:47:48 -0500
Cc: Simon Josefsson <simon@xxxxxxxxxxxxx>, Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, SASL WG <ietf-sasl@xxxxxxx>
In-reply-to: <9659A4ED-92EF-4029-9F1A-FD15C6B956B3@xxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <4A1F06CF.80505@xxxxxxxxx> <87k540napw.fsf@xxxxxxxxxxxxxxxxxxx> <20090529051317.GD29258@xxxxxxx> <87bppcml1k.fsf@xxxxxxxxxxxxxxxxxxx> <20090529154209.GI29258@xxxxxxx> <9659A4ED-92EF-4029-9F1A-FD15C6B956B3@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Mutt/1.5.7i

On Fri, May 29, 2009 at 01:02:53PM -0700, Kurt Zeilenga wrote:
> What I don't find acceptable is any assumption that applicability of  
> any particular channel binding type is the same for all mechanisms  
> used within a particular application layer protocol.  Hence, I want  
> negotiation which allows the server to say which channel binding types  
> it willing to support on a per mechanism basis.

My M+N negotiation scheme does NOT make "any assumption that
applicability of any particular channel binding type is the same for all
mechanisms..."

It does, however, require local knowledge of the applicability of any
server-advertised, client-supported channel binding type to any server-
advertised, client-supported SASL mechanism.  And it requires applying
that knowledge via a simple (but by no means trivial) algorithm.

BUT, the point of Jeff's and my proposal is this: we don't need to argue
about the merits of M*M, M+N, or a pseudo-mechanism to negotiate cb
types -- we can stop at making it possible to add a secure cb type
negotiation later.

By deferring discussion of a feature where we don't have consensus
(multiple proposals, each with their set of problems, and their
champions) to when we ever end up needing it, we make it easier to reach
consensus _now_ on the minimum that we need to get SCRAM/GS2 out the
door.

If you don't agree with this approach to reaching consensus, please say
so.

Follow-Ups:
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Kurt Zeilenga

References:
- Poll: use of TLS channel bindings in SCRAM
  - From: Alexey Melnikov
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Simon Josefsson
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Simon Josefsson
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Kurt Zeilenga

Prev by Date: Re: Poll: use of TLS channel bindings in SCRAM
Next by Date: Re: Poll: use of TLS channel bindings in SCRAM
Previous by thread: Re: Poll: use of TLS channel bindings in SCRAM
Next by thread: Re: Poll: use of TLS channel bindings in SCRAM
Index(es):
- Date
- Thread