Re: [TLS] GSS-API extension draft available
Jeffrey Altman wrote:
>
> Martin Rex wrote:
> > Using the entropy from the GSS-API prf is fine. Completely ignoring
> > additional randomness that is available through the regular TLS
> > handshake looks somewhat strange to me.
> >
> > I would have expected that one would XOR a GSS-API supplied entropy
> > for the pre-master secret with a traditional TLS-generated entropy.
>
> In other words, you would prefer an anonymous-DH exchange in addition
> to the GSS-API PRF?
Ooops, sorry -- I had only looked at the new draft, not rfc2712,
and was not aware that this completely removed the server certificate
from the TLS handshake. This might be a challenge for client-side UIs,
which may not be prepared to deal with server identities not based
on X.509 certs, i.e. plug'n'play this into a TLS mechanism probably
does not work.
-Martin
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls