Re: comments on the latest GSSAPI draft changes
Michael Richardson <mcr@sandelman.ottawa.on.ca> Fri, 15 October 1999 19:50 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id MAA04265; Fri, 15 Oct 1999 12:50:51 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id OAA05644 Fri, 15 Oct 1999 14:20:20 -0400 (EDT)
Message-Id: <199910151815.OAA01745@pzero.sandelman.ottawa.on.ca>
To: ipsec@lists.tislabs.com
Subject: Re: comments on the latest GSSAPI draft changes
In-reply-to: Your message of "Thu, 14 Oct 1999 11:29:59 PDT." <19398D273324D3118A2B0008C7E9A56902751614@SIT.platinum.corp.microsoft.com>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset="US-ASCII"
Date: Fri, 15 Oct 1999 14:15:14 -0400
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
-----BEGIN PGP SIGNED MESSAGE----- >>>>> "Exchange" == Exchange <Brian> writes: Exchange> Agreed. But, shipping based on internet drafts is a necessary Exchange> evil. Given that some vendors find this necessary, the No, it is just evil. XAUTH/GSSAPI/etc. should not have specified numbers at *ALL* The ISAKMP protocol provides for ways for vendors to use the private address space in a nice fashion. It is called the Vendor ID payload. Exchange> So the question still remains: will the arbitrary ID changes be Exchange> put back to their original values, or will we have a large Exchange> divergence from the IDs in the draft, and IDs in the Exchange> marketplace? If you ship with VendorID you won't care. If you ship with bare IDs from the private address range you will get toasted at every single bakeoff, and your product will likely fail to be certified. ] Train travel features AC outlets with no take-off restrictions| firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: latin1 Comment: Processed by Mailcrypt 3.5.4, an Emacs/PGP interface iQB1AwUBOAdvMI5hrHmwwFrtAQFJJwL9E5/nU5UiuDAgpK0dAcLPJQV0QH5BOEN4 THXkqN/gfmTnWp11m7BBHRvIoK/ZI5kGMWDQfMqC1QfnzJ+saZxwn6iAx20lkzcT utlTWN5KVfsixmVPYZjgFrAteUGbS11O =2L65 -----END PGP SIGNATURE-----
- comments on the latest GSSAPI draft changes Brian Swander (Exchange)
- Re: comments on the latest GSSAPI draft changes Dan Harkins
- RE: comments on the latest GSSAPI draft changes Brian Swander (Exchange)
- RE: comments on the latest GSSAPI draft changes Paul Kierstead
- Re: comments on the latest GSSAPI draft changes Michael Richardson
- RE: comments on the latest GSSAPI draft changes Brian Swander (Exchange)
- Re: comments on the latest GSSAPI draft changes Michael Richardson