Re: [CHANNEL-BINDING] Re: draft-ietf-sasl-gs2 AD review comments

[Jeffrey Hutzelman <jhutz@cmu.edu>]

On Tuesday, October 09, 2007 04:25:16 PM -0500 Nicolas Williams 
<Nicolas.Williams@sun.com> wrote:

> On Tue, Oct 09, 2007 at 05:15:28PM -0400, Sam Hartman wrote:
>>     Nicolas> In any case, I don't think the channel
>>     Nicolas> providing the bindings should be providing the prefix.
>>
>> I don't see why this is true.  I'm with Nico; could go either way.
>
> Heh!
>
> OK, let's decide either way, shall we?  Because in some cases apps will
> be responsible for constructing the channel binding in the first place,
> and to minimize API impact on secure channels, I'd rather make the app
> responsible for adding the prefix.
>
> The primary consequence of doing so is: apps must know what type of
> channel they are binding to, and if they don't know then the implication
> is that some channel abstraction layer exists which does know and can be
> made responsible for adding the prefix.

Really, I don't care what the API looks like or what part of the 
implementation is responsible for adding the prefix.  What I care about is 
who is responsible for specifying how the prefix is encoded and 
transported.  Does the application protocol specification do this, possibly 
by transporting two protocol fields (a name and an octet string)?  Or is 
the prefix part of the octet-string channel binding data?

I'm inclined to specify that all protocols should work the same way, 
transporting a single octet string which consists of the prefix, followed 
by a NUL octet, followed by the actual binding data.

-- Jeff

_______________________________________________
CHANNEL-BINDING mailing list
CHANNEL-BINDING@ietf.org
https://www1.ietf.org/mailman/listinfo/channel-binding