[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Poll: use of TLS channel bindings in SCRAM

To: Simon Josefsson <simon@xxxxxxxxxxxxx>
Subject: Re: Poll: use of TLS channel bindings in SCRAM
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Wed, 3 Jun 2009 08:28:37 -0500
Cc: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, SASL WG <ietf-sasl@xxxxxxx>
In-reply-to: <8763fdnari.fsf@xxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <4A1F06CF.80505@xxxxxxxxx> <87k540napw.fsf@xxxxxxxxxxxxxxxxxxx> <20090529051317.GD29258@xxxxxxx> <878wkfu5ih.fsf@xxxxxxxxxxxxxxxxxxx> <20090603050732.GA22446@xxxxxxx> <8763fdnari.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Mutt/1.5.7i

On Wed, Jun 03, 2009 at 07:31:45AM +0200, Simon Josefsson wrote:
> Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
> > There is a slightly better way that would simplify the client: define
> > new GS2 CB flags to go with the 'n', 'y', and 'p' that we have now
> > (which would stay as they have been, w/o any additional GS2 header
> > fields).  The three flags we have now:
> >
> > ...
> >
> > Simplifying the client strikes me as a good thing.
> 
> It adds more text to the specification, and some complexity, but it
> seems like a reasonable compromise to simplify client implementations.

It does add more text to the spec, but server-side complexity is not
really changed, and the client is simplified.  I'm OK with either plan,
though I think I prefer this one.

> Before I update GS2 with that, what is the chance of making these
> changes to SCRAM?  Alexey?

We'll know soon enough.  The poll ends this week.

Nico
--

Follow-Ups:
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Alexey Melnikov
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams

References:
- Poll: use of TLS channel bindings in SCRAM
  - From: Alexey Melnikov
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Simon Josefsson
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Simon Josefsson
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Nicolas Williams
- Re: Poll: use of TLS channel bindings in SCRAM
  - From: Simon Josefsson

Prev by Date: Re: Poll: use of TLS channel bindings in SCRAM
Next by Date: Re: Poll: use of TLS channel bindings in SCRAM
Previous by thread: Re: Poll: use of TLS channel bindings in SCRAM
Next by thread: Re: Poll: use of TLS channel bindings in SCRAM
Index(es):
- Date
- Thread