[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Poll: use of TLS channel bindings in SCRAM

To: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>
Subject: Re: Poll: use of TLS channel bindings in SCRAM
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Fri, 29 May 2009 19:22:58 -0500
Cc: Jeffrey Hutzelman <jhutz@xxxxxxx>, Simon Josefsson <simon@xxxxxxxxxxxxx>, Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, SASL WG <ietf-sasl@xxxxxxx>
In-reply-to: <B23BB819-E777-45C1-A461-33E09817E123@xxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <87k540napw.fsf@xxxxxxxxxxxxxxxxxxx> <20090529051317.GD29258@xxxxxxx> <87bppcml1k.fsf@xxxxxxxxxxxxxxxxxxx> <20090529154209.GI29258@xxxxxxx> <9659A4ED-92EF-4029-9F1A-FD15C6B956B3@xxxxxxxxx> <2EC8800EFECD82570732A792@xxxxxxxxxxxxxxxxxxxxxx> <CF23FDA2-68BB-4EFC-A15C-86A36C16F21B@xxxxxxxxx> <D4CCFC83CE0C68BD1D1F4225@xxxxxxxxxxxxxxxxxxxxxx> <20090529220540.GF29258@xxxxxxx> <B23BB819-E777-45C1-A461-33E09817E123@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Mutt/1.5.7i

On Fri, May 29, 2009 at 05:18:49PM -0700, Kurt Zeilenga wrote:
> On May 29, 2009, at 3:05 PM, Nicolas Williams wrote:
> >That's not quite my interpretation of what Kurt wants.  Kurt is not
> >being terribly clear.
> 
> I am trying my best to offer clarification.
> 
> >His primary goal is clearly to allow for YAP and
> >its dependence on unique channel binding types.
> 
> If it wasn't for you and others occasionally bringing up YAP in the  
> context of SCRAM and GS2 discussions, I doubt I would see much (if  
> any) need to comment on it.  At present, I don't see anything in  
> recent discussions (aside from suggested changes to RFC 4422) that  
> would preclude publication of YAP (as it now specified, or how I might  
> revise the I-D).  [If someone does see something that would interfere  
> with the publication of YAP (as now specified, or how they think I  
> might revise the I-D), I hope they would bring this to my attention  
> (off-list please).]

OK, good, we're done with that.

> While certainly I have, do, and will oppose any change to RFC 4422  
> which unduly restrict the design of mechanisms, my concerns apply  
> generally.  I have and will use YAP as well as existing mechanisms as  
> examples of how such changes might unduly restrict the design of  
> particular mechanisms in hopes that folks might see how changes might  
> impact future mechanisms.
> 
> I've tried to focus on negotiation solutions suitable for SCRAM and  
> GS2, while considering the possible optional reuse of the solution in  
> future mechanisms.  What I like is a solution for SCRAM which could be  
> reused by other mechanisms.

I believe nothing in our proposal precludes in-mechanism negotiation of
channel binding type for any mechanisms that are NOT GS2 mechanisms
(remember, SCRAM is a GS2 mechanism).

I believe that making GS2 support in-mechanism negotiation of channel
binding type now or in the future would require _significant_ surgery on
GS2.  It's too late to be doing major changes to GS2.  Moreover, where
is the justification for requiring that GS2 support such a thing?  If
you believe that GS2 should support that, then please explain why, and
then let's have a poll on that.

Nico
--

Follow-Ups:
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Kurt Zeilenga

References:
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Simon Josefsson
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Simon Josefsson
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Kurt Zeilenga
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Jeffrey Hutzelman
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Kurt Zeilenga
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Jeffrey Hutzelman
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Kurt Zeilenga

Prev by Date: Re: Poll: use of TLS channel bindings in SCRAM
Next by Date: Re: Poll: use of TLS channel bindings in SCRAM
Previous by thread: Re: Poll: use of TLS channel bindings in SCRAM
Next by thread: Re: Poll: use of TLS channel bindings in SCRAM
Index(es):
- Date
- Thread