RE: Impact of a new GSS mech on applications

"Josh Howlett" <Josh.Howlett@ja.net> Fri, 20 March 2009 16:42 UTC

From: Josh Howlett <Josh.Howlett@ja.net>
To: Nicolas Williams <Nicolas.Williams@sun.com>
Cc: kitten@ietf.org, Josh Howlett <Josh.Howlett@ja.net>

> > From an application's PoV, what are the implications if a new 
> > mechanism appears on the system?
> 
> Acceptor applications are not affected.

Doh, of course.

> > For example, it seems to me (speaking from a position of significant
> > ignorance about GSS) that an application might want to impose a common
> > policy on certain features of GSS-API (anonymity, delegation) across
> > all mechanisms. However, it also seems that some mechanism-specific
> > policy might be needed (which mechanisms are permitted, quality of
> > protection, security services).
> 
> Yes.
> ...
> Thus draft-ietf-kitten-extended-mech-inquiry-04.txt.

That seems like a good idea to me, given the issues that you enumerated.

Thanks again for the great information.

josh.
