[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: WG Last Call: draft-ietf-sasl-scram-02
On Tue, Jul 28, 2009 at 11:23:20PM +0200, Simon Josefsson wrote:
> Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
> > I'll be happy to see this SHOULD turn into a MUST.
> The last sentence still seems necessary though. So the paragraph
> Clients MUST choose the tls-unique channel binding type. Servers MUST
> choose the channel binding type indicated by the client, if they
> support it.
> I suspect we want SCRAM and GS2 to be consistent on this, right? So
> both documents needs this change.
Also, we should allow application protocols to specify a different CB
Clients MUST choose the default channel binding type for the
application -- 'tls-unique' for any applications that don't specify
one. Servers MUST choose the channel binding type indicated by the
client, or fail authentication if they don't support it.