Re: [kitten] SASL's idea of "additional data" in a protocol
Alexey Melnikov <alexey.melnikov@isode.com> Thu, 19 March 2020 13:31 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 918D53A2981 for <kitten@ietfa.amsl.com>; Thu, 19 Mar 2020 06:31:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E40woC1Y_aX7 for <kitten@ietfa.amsl.com>; Thu, 19 Mar 2020 06:31:00 -0700 (PDT)
Received: from statler.isode.com (Statler.isode.com [62.232.206.189]) by ietfa.amsl.com (Postfix) with ESMTP id 96EFE3A297F for <kitten@ietf.org>; Thu, 19 Mar 2020 06:30:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1584624654; d=isode.com; s=june2016; i=@isode.com; bh=bgXbiBuXR1d8opwq3/YlXFj+LTqb0U7KznblK8zdXkw=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=h15Z9s8tevrmWhpGZj9iM7W22m2d3YDRqaNCjyJPy+aFrrLKGqxRAFE8u4HO7Rn/D7VVrI 3rM/vkdVm8Gg/3n6IK1fQcLX2za62HwOmEjSo+u+hFx5VyndyEtEVdB8jY12av3A1RhMsw MguJ58f41AGG9tOvkCUm1+qMHj6kXa4=;
Received: from [192.168.1.216] (host81-154-46-147.range81-154.btcentralplus.com [81.154.46.147]) by statler.isode.com (submission channel) via TCP with ESMTPSA id <XnN0DgAcxRGz@statler.isode.com>; Thu, 19 Mar 2020 13:30:54 +0000
To: Rick van Rein <rick@openfortress.nl>, "kitten@ietf.org" <kitten@ietf.org>
References: <5E7331FF.9000500@openfortress.nl>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <889abf71-b8c9-5bb8-5376-02047054296b@isode.com>
Date: Thu, 19 Mar 2020 13:30:52 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
In-Reply-To: <5E7331FF.9000500@openfortress.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/9sMXrm3L4H8KWInZgHXvEiZU5GM>
Subject: Re: [kitten] SASL's idea of "additional data" in a protocol
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2020 13:31:03 -0000
Hi Rick, On 19/03/2020 08:49, Rick van Rein wrote: > Hello, > > RFC 4422 states that there may be additional data with a success. I > don't think I have ever seen this in any protocol or mechanism. Am I > correct that there is no reason in practice to add it to a protocol > embedding of SASL? Actually, this is being used. Look for example at SCRAM (RFC 5802), the last message from the server (containing the v= attribute) can be sent as "additional data with success". It is always better to allow for this in a SASL protocol profile in order to save an extra round trip. I.e. if this feature is not supported by a protocol, the server will have to send it as a regular SASL response, to which the client will have to respond with an empty challenge, which will then be responded to by the server with just successful outcome (with no data). Best Regards, Alexey > The text is, > > Some mechanisms specify that the server is to send additional data to > the client when indicating a successful outcome. Protocols may > provide an optional additional data field in the outcome message to > carry this data. Where the mechanism specifies that the server is to > return additional data with the successful outcome, the protocol > provides an optional additional data field in the outcome message, > and the server uses this field, the exchange is shortened by one > round-trip: > > Thanks, > -Rick > > _______________________________________________ > Kitten mailing list > Kitten@ietf.org > https://www.ietf.org/mailman/listinfo/kitten
- [kitten] SASL's idea of "additional data" in a pr… Rick van Rein
- Re: [kitten] SASL's idea of "additional data" in … Alexey Melnikov
- Re: [kitten] SASL's idea of "additional data" in … Rick van Rein