
Re: Poll: use of TLS channel bindings in SCRAM




Simon Josefsson wrote:

Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
On Fri, May 29, 2009 at 08:29:42PM +0200, Simon Josefsson wrote:
Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
[...]

Also, I like your ABNF.  I had in mind using something like t=<type> and
t=<type>[:<type>[:...]], but your approach strikes me as better.
I'm glad you like it.  I'm not entirely happy with it: you can't parse
it using a var[=value] parser, you need to inspect the string character
by character in the beginning.  One alternative would be (compare with
the examples in the document):

Example #1: n,a=someuser,...
Example #2: n,...
Example #3: F,n,...
I think we need a comma after "n" (for consistency and ease of parsing), and we don't need a comma after F.

Example #4: p=tls-unique,a=someuser,...
Example #5: p=tls-unique,...
Example #6: p=tls-server-end-point,...
Example #7: y=tls-unique:tls-server-end-point,a=someuser,...

However I didn't want to make unrelated changes at this point.

Also, that SCRAM uses var[=value] doesn't mean GS2 needs to.

I'm not sure.

Thoughts?