[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Poll: use of TLS channel bindings in SCRAM

To: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Subject: Re: Poll: use of TLS channel bindings in SCRAM
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Wed, 03 Jun 2009 07:31:45 +0200
Cc: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, SASL WG <ietf-sasl@xxxxxxx>
In-reply-to: <20090603050732.GA22446@xxxxxxx> (Nicolas Williams's message of "Wed, 3 Jun 2009 00:07:32 -0500")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <4A1F06CF.80505@xxxxxxxxx> <87k540napw.fsf@xxxxxxxxxxxxxxxxxxx> <20090529051317.GD29258@xxxxxxx> <878wkfu5ih.fsf@xxxxxxxxxxxxxxxxxxx> <20090603050732.GA22446@xxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux)

Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:

> On Fri, May 29, 2009 at 08:29:42PM +0200, Simon Josefsson wrote:
>>                         ...  The changes can be summarized into:
>> 
>> 1) Add text to say that with 'p' one cb type name is included (normally
>> tls-unique)
>> 
>> 2) Add text to say that with 'y' a list of cb type names supported by
>> the client is included
>
> There is a slightly better way that would simplify the client: define
> new GS2 CB flags to go with the 'n', 'y', and 'p' that we have now
> (which would stay as they have been, w/o any additional GS2 header
> fields).  The three flags we have now:
>
>  - 'n' (client can't do CB)
>  - 'y' (client can only do tls-unique but thinks the server can't do CB)
>  - 'p' (client used CB of the default type)
>
> plus two new ones that today's servers would have to understand but
> today's clients wouldn't have to:
>
>  - 'Y' and a list of CB types in GS2 header (client can do CB and CB
>    type negotiation and thinks the server advertives the given, possibly
>    empty list of CB types)
>
>  - 'P' and a single CB type in GS2 header (client used CB of the given
>    type)
>
> This way the server needs to know about the new bits in GS2 for future
> downgrade protection in the face of CB type nego, but the client doesn't
> have to know anything at all about future CB type nego.
>
> Simplifying the client strikes me as a good thing.

It adds more text to the specification, and some complexity, but it
seems like a reasonable compromise to simplify client implementations.

Before I update GS2 with that, what is the chance of making these
changes to SCRAM?  Alexey?

/Simon

Follow-Ups:
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams

References:
- Poll: use of TLS channel bindings in SCRAM
  - From: Alexey Melnikov
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Simon Josefsson
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Simon Josefsson
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams

Prev by Date: Re: Poll: use of TLS channel bindings in SCRAM
Next by Date: Re: Poll: use of TLS channel bindings in SCRAM
Previous by thread: Re: Poll: use of TLS channel bindings in SCRAM
Next by thread: Re: Poll: use of TLS channel bindings in SCRAM
Index(es):
- Date
- Thread