[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Where do we stand? (Re: Poll: use of TLS channel bindings in SCRAM)
On May 30, 2009, at 11:06 AM, Nicolas Williams wrote:
By the way, I think you've convinced me that your concerns derive from
the YAP's violation of the channel binding abstraction, and that
therefore we need to consider the possibility that YAP is harmful.
I'd really like to keep YAP out of this. As I said before, I do not
believe any text that we are likely to agree on for SCRAM and GS2 will
hinder my desire to eventually publish YAP as experimental. And to go
beyond that, I don't think the introduce of ANY of the schemes being
discussed for negotiating channel binding types will hinder me
pursuing YAP. The only think I can think of that would hinder YAP and
similar mechanisms if RFC 4422 were to be revised to place what I
consider to be undue restrictions on the design of mechanisms.
However, I would argue (at the appropriate time) against these
restrictions on the general principles that SASL was intended to allow
a wide range of mechanisms and we should be careful not to place undue
restrictions on the design of future mechanisms, using YAP as only an
example of why I think such restrictions are undue.