Re: [CHANNEL-BINDING] Re: draft-ietf-sasl-gs2 AD review comments

Jeffrey Hutzelman <jhutz@cmu.edu> Wed, 10 October 2007 15:51 UTC

Date: Wed, 10 Oct 2007 11:51:03 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Nicolas Williams <Nicolas.Williams@sun.com>
Subject: Re: [CHANNEL-BINDING] Re: draft-ietf-sasl-gs2 AD review comments
In-Reply-To: <20071010154115.GY24532@Sun.COM>
Message-ID: <Pine.LNX.4.33L.0710101142360.5381-100000@minbar.fac.cs.cmu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: ietf-sasl@imc.org, channel-binding@ietf.org, Sam Hartman <hartmans-ietf@mit.edu>

On Wed, 10 Oct 2007, Nicolas Williams wrote:

> On Wed, Oct 10, 2007 at 10:55:52AM -0400, Sam Hartman wrote:
> >     Nicolas> I believe the text of the I-D is clear on the above.
> >     Nicolas> Thus your protocol issues are taken care of.
> >
> > Well, my reading of the ID is that the protocol needs two slots--one
> > for a prefix and one for a channel binding octet string.  Simon is
> > arguing that we only want to have one slot.
> > I'm fine with that if we want to make that change.
>
> I don't agree.  The I-D is clear on channel bindings being a single
> octet string.  The prefix is a US-ASCII string prefixed to the raw
> channel binding octet string.  After the prefix is added you still have
> a single octet string.

Ah, but the spec doesn't actually _say_ that.  It doesn't actually say
anywhere that the prefix is prepended to the channel-specific binding
data, resulting in a single octet string for the application to transport.
On the other hand, it _does_ say that the application needs to distinguish
channel types based on the prefix, which suggests (but only suggests) that
they are treated as separate items.

If it's a single string, then you need a separator, for two reasons:

- Without it, it's not good enough for prefixes to be unique; it must be
  the case that no prefix is an initial substring of another.

- Without a separator, it is difficult for the application (or library)
  to separate the prefix from the data, which it must do in order to
  determine the channel type, which affects interpretation of the data.

Of course, one could use another approach, like a counted string, or a
fixed-width field, or a fixed-size integer.  I don't care much.

> Simon's issue, I thought, was about API slots.

I suppose we should let Simon speak for himself, but I believe his issue
was about supporting channel bindings in SASL-GS2.


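The encoding question raised in this message, worked through as an added example that is not part of the thread or of the GS2/channel-binding drafts: a channel binding type prefix and the channel-specific binding data combined into one octet string, with and without a separator, plus the counted-string alternative. The ':' separator, the two-byte length field, and the type names "tls", "tls-unique" and "ipsec-sa" are assumptions chosen for illustration, not values taken from the drafts.

```python
# Added example: combining a channel-binding type prefix with raw binding data
# into a single octet string, and recovering the type on the other side.
# Separator, length-field width and type names below are assumptions.

import struct
from typing import List, Tuple

SEPARATOR = b":"  # assumed separator; any byte excluded from type names works


def is_prefix_free(types: List[str]) -> bool:
    """Without a separator, no type name may be an initial substring of another."""
    names = sorted(types)
    return all(not names[i + 1].startswith(names[i]) for i in range(len(names) - 1))


def encode_with_separator(cb_type: str, cb_data: bytes) -> bytes:
    """prefix || SEPARATOR || data: a single octet string the application can carry."""
    prefix = cb_type.encode("ascii")
    if SEPARATOR in prefix:
        raise ValueError("type name must not contain the separator")
    return prefix + SEPARATOR + cb_data


def decode_with_separator(octets: bytes) -> Tuple[str, bytes]:
    """Split on the first separator only, so binary data may itself contain it."""
    prefix, sep, data = octets.partition(SEPARATOR)
    if not sep:
        raise ValueError("no separator present: type cannot be determined")
    return prefix.decode("ascii"), data


def encode_counted(cb_type: str, cb_data: bytes) -> bytes:
    """Counted-string alternative: 2-byte big-endian prefix length || prefix || data."""
    prefix = cb_type.encode("ascii")
    if len(prefix) > 0xFFFF:
        raise ValueError("type name too long for a 16-bit length field")
    return struct.pack(">H", len(prefix)) + prefix + cb_data


def decode_counted(octets: bytes) -> Tuple[str, bytes]:
    if len(octets) < 2:
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">H", octets[:2])
    if len(octets) < 2 + n:
        raise ValueError("truncated type name")
    return octets[2:2 + n].decode("ascii"), octets[2 + n:]


def decode_bare(octets: bytes, known_types: List[str]) -> List[Tuple[str, bytes]]:
    """Plain prefix || data with no separator: every known type that matches the
    start of the string is a candidate interpretation. More than one candidate
    means the receiver cannot tell where the type ends and the data begins."""
    candidates = []
    for t in known_types:
        p = t.encode("ascii")
        if octets.startswith(p):
            candidates.append((t, octets[len(p):]))
    return candidates


def demo() -> dict:
    """Constructed sample values; returns results so they can be checked."""
    data = b"\x00\x01:\xff"  # constructed binding data, deliberately contains ':'
    sep_enc = encode_with_separator("tls-unique", data)
    cnt_enc = encode_counted("tls-unique", data)
    # Type set that is NOT prefix-free: "tls" is an initial substring of "tls-unique".
    ambiguous = decode_bare(b"tls-unique" + data, ["tls", "tls-unique"])
    return {
        "sep_roundtrip": decode_with_separator(sep_enc) == ("tls-unique", data),
        "cnt_roundtrip": decode_counted(cnt_enc) == ("tls-unique", data),
        "bare_candidates": len(ambiguous),
        "prefix_free_ok": is_prefix_free(["tls-unique", "ipsec-sa"]),
        "prefix_free_bad": is_prefix_free(["tls", "tls-unique"]),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The separator and counted-string forms both round-trip even when the binding data contains the separator byte, because the receiver splits on the first occurrence or on an explicit length. The bare concatenation only works if the registry of type names is kept prefix-free, and `decode_bare` shows the ambiguity that arises as soon as it is not.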