Re: [CHANNEL-BINDING] Re: draft-ietf-sasl-gs2 AD review comments

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@sun.com> writes:

    Nicolas> On Tue, Oct 09, 2007 at 05:44:47PM -0400, Jeffrey
    Nicolas> Hutzelman wrote:
    >> Really, I don't care what the API looks like or what part of
    >> the implementation is responsible for adding the prefix.  What
    >> I care about is who is responsible for specifying how the
    >> prefix is encoded and transported.  Does the application
    >> protocol specification do this, possibly by transporting two
    >> protocol fields (a name and an octet string)?  Or is the prefix
    >> part of the octet-string channel binding data?

    Nicolas> The channel binding octet string and the prefix US-ASCII
    Nicolas> string are both *just* that.  Prefixing the latter to the
    Nicolas> former is feasible without ambiguity provided that: the
    Nicolas> prefixes are unique and that they are always used.  

Well, if I have a prefix tls and a prefix t with a channel binding
starting ls I may have a problem.

    Nicolas> No
    Nicolas> separator character is needed (but if one was needed I'd
    Nicolas> prefer ':' over NUL).

    Nicolas> I believe the text of the I-D is clear on the above.
    Nicolas> Thus your protocol issues are taken care of.

Well, my reading of the ID is that the protocol needs two slots--one
for a prefix and one for a channel binding octec string.  Simon is
arguing that we only want to have one slot.
I'm fine with that if we want to make that change.

I think Jeff is arguing for the same.  I think you ande I don't care
much.

_______________________________________________
CHANNEL-BINDING mailing list
CHANNEL-BINDING@ietf.org
https://www1.ietf.org/mailman/listinfo/channel-binding