--On Friday, May 29, 2009 07:44:05 PM -0700 Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx> wrote:
On May 29, 2009, at 2:36 AM, Alexey Melnikov wrote:
I would ask chairs to put a deadline for reaching the consensus on channel bindings, somewhere around 1 month, 2 months max.
With what consequences if the deadline is not met?
I don't intend to participate in discussions in this document for 6 more months.
I don't intend to participate in discussions any longer than necessary. While I hope consensus can be reached quickly and am encouraged by the list discussions, I'm not holding my breath. My current goal is to try to close on the channel binding type negotiation issue within the next 2-3 weeks, and have I-D back in WGLC by end of June.
That's funny, because I think the rest of us have agreed that, with a small change to SCRAM and GS2, we can conclude those documents _without_ resolving the question of how negotiation should be performed, because we've left the door open for a variety of negotiation techniques to be added later, if/when we reach a consensus that such negotiation is needed and on how it should work.
Have you missed that part? We're NOT TRYING TO DECIDE HOW NEGOTIATION SHOULD WORK. In fact, the rest of us would really like to stop talking about that altogether, until we can get SCRAM and GS2 finished.
Unfortunately, despite the fact that we've shown that a variety of approaches can work with GS2 modified as we've described, including several very different approaches proposed by different people, we keep finding ourselves arguing about which of those proposals is the right one instead of finishing the documents that don't depend on the outcome of that discussion.
I believe we all understand that multi-level negotiation is a bad idea. But you seem to be saying that you don't want to move forward with GS2 and SCRAM because in their current form they might preclude an approach involving multi-level negotiation, which we all agree is a bad idea. Why in the world would you want to hold up a document because it doesn't allow for doing something that no one wants to do anyway?
The only explanation I've seen from you on this seems to be of the form "well, while there are several negotiation models to choose from, the one I prefer might not win, and if that happens, then I want to be free to propose something _NO ONE_ wants to do and which is a horribly bad idea, rather than accept that I am in the rough and live with a model that doesn't have all of the properties I want". I think that's ludicrous -- we've shown that it's possible to have a negotiation model with the properties you want; in fact, I believe we've shown two such models. If we decide we don't want that, it'll be because we don't want that, not because we want to go off and do something everyone agrees is even worse.
Oh, and just in case you've forgotten... The negotiation model I described involves inventing a single new pseudo-mechanism which, when selected, allows the server to provide a complete list of {mechanism,channel-binding} combinations it is willing to support. The client then selects a combination and informs the server of which mechanism it has chosen, and then proceeds to exchange the tokens of the new mechanism as if the negotiation-pseudo-mechanism had never been there. This allows you to have full control over the permitted combinations, allows Nico and I to avoid N*M registrations, and even resolves the name-length problems, since the information advertised via the pseudo-mechanism is just part of that mechanism's token as far as the SASL application protocol is concerned. The expense is mostly an extra round trip.
I don't want to argue the merits of this idea right now. I just want to point out that it's an example of something that gives you the control you want _and_ it's an example of something that works with GS2 as we've proposed modifying it.
_MY_ goal is to try and close on the present discussion within the next 24 hours, and _without_ choosing a negotiation mechanism, because we don't have to do that to get the document done. Once that's done, I'll try to review the GS2 and SCRAM documents over the next week, and certainly by the end of their respective WGLC.
-- Jeff
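
The pseudo-mechanism negotiation sketched in the message above, written out as an added example that is not part of the original message or of any SASL specification. The pseudo-mechanism name `NEGOTIATE-CB`, the `mech,cb;mech,cb` token layout, and the sample policy are assumptions made for illustration only.

```python
# Added illustration. Name and token layout below are hypothetical.
PSEUDO_MECH = "NEGOTIATE-CB"  # hypothetical pseudo-mechanism name

def server_offer(policy):
    """Server's first token: the complete list of permitted combinations."""
    return ";".join(f"{mech},{cb}" for mech, cb in policy).encode()

def parse_offer(token):
    """Parse the offer token into (mechanism, channel-binding) pairs."""
    pairs = []
    for item in token.decode().split(";"):
        mech, sep, cb = item.partition(",")
        if not sep or not mech or not cb:
            raise ValueError(f"malformed combination: {item!r}")
        pairs.append((mech, cb))
    return pairs

def client_select(token, preferences):
    """Return the client's most-preferred combination that the server offered."""
    offered = set(parse_offer(token))
    for mech, cb in preferences:
        if (mech, cb) in offered:
            return f"{mech},{cb}".encode()
    raise LookupError("no mutually acceptable combination")

def server_accept(policy, choice):
    """Check the client's choice against the server's own policy list.

    After this succeeds, the two sides exchange the chosen mechanism's
    tokens as if the pseudo-mechanism had never been there.
    """
    mech, sep, cb = choice.decode().partition(",")
    if not sep or (mech, cb) not in policy:
        raise PermissionError(f"combination not offered: {choice!r}")
    return mech, cb

# Constructed sample policy: each pair is listed explicitly, so the server
# controls exactly which combinations are allowed without N*M registrations.
SERVER_POLICY = [("SCRAM-SHA-1", "tls-unique"),
                 ("GS2-KRB5", "tls-server-end-point")]
# Constructed client preference order, most preferred first.
CLIENT_PREFS = [("GS2-KRB5", "tls-unique"),
                ("GS2-KRB5", "tls-server-end-point"),
                ("SCRAM-SHA-1", "tls-unique")]

if __name__ == "__main__":
    offer = server_offer(SERVER_POLICY)       # extra round trip starts here
    choice = client_select(offer, CLIENT_PREFS)
    print(PSEUDO_MECH, "->", server_accept(SERVER_POLICY, choice))
```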