[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Poll: use of TLS channel bindings in SCRAM

To: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>
Subject: Re: Poll: use of TLS channel bindings in SCRAM
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Fri, 29 May 2009 16:57:04 -0500
Cc: Jeffrey Hutzelman <jhutz@xxxxxxx>, Simon Josefsson <simon@xxxxxxxxxxxxx>, Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, SASL WG <ietf-sasl@xxxxxxx>
In-reply-to: <CF23FDA2-68BB-4EFC-A15C-86A36C16F21B@xxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <4A1F06CF.80505@xxxxxxxxx> <87k540napw.fsf@xxxxxxxxxxxxxxxxxxx> <20090529051317.GD29258@xxxxxxx> <87bppcml1k.fsf@xxxxxxxxxxxxxxxxxxx> <20090529154209.GI29258@xxxxxxx> <9659A4ED-92EF-4029-9F1A-FD15C6B956B3@xxxxxxxxx> <2EC8800EFECD82570732A792@xxxxxxxxxxxxxxxxxxxxxx> <CF23FDA2-68BB-4EFC-A15C-86A36C16F21B@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Mutt/1.5.7i

On Fri, May 29, 2009 at 02:47:39PM -0700, Kurt Zeilenga wrote:
> I am a bit concerned that that current proposal might preclude certain  
> negotiation strategies from consideration as they would be difficult  
> to retrofit in.   In particular, I am concerned that the current  
> proposal might preclude purely in-the-mechanism-exchange negotiation  
> of channel binding types.

Can you elaborate on how our approach might do that?  I don't see it,
but perhaps I'm biased.

> I would like SCRAM and GS2 not to preclude a particular negotiation  
> model, including per-mechanism negotiation approaches such as what I  
> propose and/or in-the-mechanism negotiation.

The current proposal is designed precisely to make all three of the cb
type negotiation schemes proposed thus far feasible:

 - your and Simon's N*M proposals
 - Jeff's pseudo-mechanism to negotiate cb type
 - my N+M proposal

I don't see how our proposal precludes any one of them.

(I also don't see how my N+M proposal makes it difficult or impossible
to have mechanisms like YAP.  I've posted an algorithm that shows how it
does, in fact, allow for YAP.  But I don't want to get into that
discussion.  I want to stop at: does our concrete proposal allow or
preclude any of the proposed, future cb type negotiation schemes?  I
believe the answer is that it allows all of them and precludes none.)

> So long as SCRAM and GW are adequately extensible, this shouldn't be a  
> problem.

That's the point of our proposal.

References:
- Poll: use of TLS channel bindings in SCRAM
  - From: Alexey Melnikov
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Simon Josefsson
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Simon Josefsson
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Kurt Zeilenga
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Jeffrey Hutzelman
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Kurt Zeilenga

Prev by Date: Re: Poll: use of TLS channel bindings in SCRAM
Next by Date: Re: Poll: use of TLS channel bindings in SCRAM
Previous by thread: Re: Poll: use of TLS channel bindings in SCRAM
Next by thread: Re: Poll: use of TLS channel bindings in SCRAM
Index(es):
- Date
- Thread