Re: WG Last Call: draft-ietf-sasl-scram-02
On 7/29/09 1:58 PM, Peter Saint-Andre wrote:
> SECTION 4
>
> Typo: "hashed function" => "hash function"
>
> I think the following text is slightly ambiguous:
>
> The "-PLUS" suffix is used only when the server supports channel
> binding to the external channel. In this case the server will
> advertise both, SCRAM-SHA-1 and SCRAM-SHA-1-PLUS, otherwise the
> server will advertise only SCRAM-SHA-1. The "-PLUS" exists to allow
> negotiation of the use of channel binding. See Section 6.
>
> This could be read to mean that if a server does not support channel
> bindings, then it will advertise all and only SCRAM-SHA-1 (but
> never, say, SCRAM-SHA-256). I think we mean that if a server does not
> support channel bindings, then it will advertise only mechanisms of the
> form SCRAM-SHA-length and never mechanisms of the form
> SCRAM-SHA-length-PLUS (thus not forbidding support for hash functions
> other than SHA-1).
Alexey and I talked about this in Stockholm. I suggest the following text:

   The "-PLUS" suffix is used only when the server supports channel
   binding to the external channel. If the server supports channel
   binding, it will advertise both the "bare" and "plus" versions of
   whatever mechanisms it supports (e.g., if the server supports only
   SCRAM with SHA-1 then it will advertise support for both SCRAM-SHA-1
   and SCRAM-SHA-1-PLUS); if the server does not support channel
   binding, then it will advertise only the "bare" version of the
   mechanism (e.g., only SCRAM-SHA-1). The "-PLUS" exists to allow
   negotiation of the use of channel binding. See Section 6.

Peter
--
Peter Saint-Andre
https://stpeter.im/
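The advertisement rule in the proposed text, and the channel-binding negotiation it enables, as a worked example. This is an added illustration, not code from the draft, the working group or anyone in this thread. It assumes the final RFC 5802 section 6 rules for the gs2-cbind-flag ("n", "y", "p=<cb-name>") apply to the draft under review, uses "tls-unique" as a sample channel-binding type, and picks a client hash preference order (SHA-256 over SHA-1) that the draft does not prescribe.

```python
"""
Server-side mechanism advertisement and client-side selection for SCRAM
with and without channel binding.

Added example; not text from draft-ietf-sasl-scram-02 or the thread.
Mechanism names follow the proposed text: a server that supports channel
binding advertises both "SCRAM-SHA-<n>" and "SCRAM-SHA-<n>-PLUS" for every
hash it supports; otherwise only the bare name. The gs2-cbind-flag rules
are taken from RFC 5802 section 6 and are assumed to match the draft.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed client preference order; the draft does not prescribe one.
CLIENT_HASH_PREFERENCE = ("SCRAM-SHA-256", "SCRAM-SHA-1")


def advertise(supported_hashes: Iterable[str], server_supports_cb: bool) -> List[str]:
    """Server side: build the SASL mechanism list per the proposed text.

    The bare name is always advertised; the "-PLUS" name is added for
    every supported hash only when the server supports channel binding
    to the external channel.
    """
    mechs: List[str] = []
    for h in supported_hashes:          # e.g. "SHA-1", "SHA-256"
        base = "SCRAM-" + h
        mechs.append(base)
        if server_supports_cb:
            mechs.append(base + "-PLUS")
    return mechs


@dataclass
class ClientChoice:
    mechanism: str
    cbind_flag: str    # gs2-cbind-flag to send: "n", "y" or "p=<cb-name>"


def select_mechanism(advertised: Iterable[str],
                     client_cb_name: Optional[str]) -> Optional[ClientChoice]:
    """Client side: pick a mechanism and the channel-binding flag to send.

    client_cb_name is the channel-binding type the client can use
    (e.g. "tls-unique"), or None when the client has no channel binding.
    """
    adv = set(advertised)
    for base in CLIENT_HASH_PREFERENCE:
        plus = base + "-PLUS"
        if client_cb_name and plus in adv:
            # Both sides support binding: use -PLUS and bind ("p=").
            return ClientChoice(plus, "p=" + client_cb_name)
        if base in adv:
            if client_cb_name:
                # Client can bind but saw no -PLUS: send "y", never "n".
                # A server that really does support binding then fails the
                # exchange, exposing a stripped -PLUS advertisement.
                return ClientChoice(base, "y")
            return ClientChoice(base, "n")
        # Only -PLUS offered for this hash and the client cannot bind:
        # fall through to the next hash rather than pick -PLUS unbound.
    return None


def server_accepts_flag(cbind_flag: str, server_supports_cb: bool) -> bool:
    """Server side: apply the RFC 5802 section 6 rules to the received flag."""
    if cbind_flag == "y":
        # "y" says the client never saw -PLUS. If this server does
        # advertise -PLUS, the mechanism list was tampered with: fail.
        return not server_supports_cb
    if cbind_flag.startswith("p="):
        # Client is binding; the server must support binding (a full
        # implementation also checks the named type is one it supports).
        return server_supports_cb
    return cbind_flag == "n"   # no binding requested; acceptable as-is


if __name__ == "__main__":
    # Constructed scenario: SHA-1-only server with channel binding.
    offered = advertise(["SHA-1"], server_supports_cb=True)
    print(offered)                        # ['SCRAM-SHA-1', 'SCRAM-SHA-1-PLUS']
    choice = select_mechanism(offered, "tls-unique")
    print(choice, server_accepts_flag(choice.cbind_flag, True))    # ... True

    # Downgrade attempt: an on-path attacker strips -PLUS from the list.
    stripped = [m for m in offered if not m.endswith("-PLUS")]
    choice = select_mechanism(stripped, "tls-unique")
    print(choice, server_accepts_flag(choice.cbind_flag, True))    # ... False
```

The last scenario is the point of keeping "-PLUS" as a separate mechanism name: the client's "y" flag carries "I could bind but was not offered it" through to the server, so a server that advertised -PLUS can tell that the advertisement was altered in transit.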