[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG Last Call: draft-ietf-sasl-scram-02

To: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>
Subject: Re: WG Last Call: draft-ietf-sasl-scram-02
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Thu, 30 Jul 2009 20:37:58 +0200
Cc: Peter Saint-Andre <stpeter@xxxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <4A71DEA0.7020700@xxxxxxxxx> (Alexey Melnikov's message of "Thu, 30 Jul 2009 19:55:44 +0200")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <ldvbpnouhy3.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <4A703964.3090203@xxxxxxxxxx> <4A71D97F.10202@xxxxxxxxxx> <4A71DEA0.7020700@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.96 (gnu/linux)

Alexey Melnikov <alexey.melnikov@xxxxxxxxx> writes:

> Peter Saint-Andre wrote:
>
>>>SECTION 4
>>>
>>>Typo: "hashed function" => "hash function"
>>>
>>>I think the following text is slightly ambiguous:
>>>
>>>   The "-PLUS" suffix is used only when the server supports channel
>>>   binding to the external channel.  In this case the server will
>>>   advertise both, SCRAM-SHA-1 and SCRAM-SHA-1-PLUS, otherwise the
>>>   server will advertise only SCRAM-SHA-1.  The "-PLUS" exists to allow
>>>   negotiation of the use of channel binding.  See Section 6.
>>>
>>>This could be read to mean that if a server does not support channel
>>>bindings, then it will advertise only all and only SCRAM-SHA-1 (but
>>>never, say, SCRAM-SHA-256). I think we mean that if a server does not
>>>support channel bindings, then it will advertise only mechanisms of the
>>>form SCRAM-SHA-length and never mechanisms of the form
>>>SCRAM-SHA-length-PLUS (thus not forbidding support for hash functions
>>>other than SHA-1).
>>>    
>>>
>>Alexey and I talked about this in Stockholm. I suggest the following text:
>>
>>   The "-PLUS" suffix is used only when the server supports channel
>>   binding to the external channel.  If the server supports channel
>>   binding, it will advertise both the "bare" and "plus" versions of
>>   whatever mechanisms it supports (e.g., if the server supports only
>>   SCRAM with SHA-1 then it will advertise support for both SCRAM-SHA-1
>>   and SCRAM-SHA-1-PLUS); if the server does not support channel
>>   binding, then it will advertise only the "bare" version of the
>>   mechanism (e.g., only SCRAM-SHA-1).  The "-PLUS" exists to allow
>>   negotiation of the use of channel binding.  See Section 6.
>>  
>>
> Ok, this text will be in -04.

Please reassure me that the same change isn't needed in GS2?  I don't
see any normative words above, and as far as I can tell the described
behaviour is already covered by other text in both SCRAM and GS2 anyway.

/Simon

Follow-Ups:
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Peter Saint-Andre
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Alexey Melnikov

References:
- WG Last Call: draft-ietf-sasl-scram-02
  - From: Tom Yu
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Peter Saint-Andre
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Peter Saint-Andre
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Alexey Melnikov

Prev by Date: Re: WG Last Call: draft-ietf-sasl-scram-02
Next by Date: Re: WG Last Call: draft-ietf-sasl-scram-02
Previous by thread: Re: WG Last Call: draft-ietf-sasl-scram-02
Next by thread: Re: WG Last Call: draft-ietf-sasl-scram-02
Index(es):
- Date
- Thread