Re: draft-williams-on-channel-binding-00.txt is in the I-D repository

Sam Hartman <hartmans-ietf@mit.edu> Fri, 18 August 2006 14:23 UTC

From: Sam Hartman <hartmans-ietf@mit.edu>
To: Simon Josefsson <jas@extundo.com>
References: <20060815150854.GM4099@binky.Central.Sun.COM> <87ac663pzs.fsf@latte.josefsson.org>
Date: Fri, 18 Aug 2006 10:23:57 -0400
In-Reply-To: <87ac663pzs.fsf@latte.josefsson.org> (Simon Josefsson's message of "Tue, 15 Aug 2006 18:47:35 +0200")
Message-ID: <tslsljuunpe.fsf@cz.mit.edu>
Cc: kitten@ietf.org, ietf-sasl@imc.org, nfsv4@ietf.org

>>>>> "Simon" == Simon Josefsson <jas@extundo.com> writes:

    Simon> Nicolas Williams <Nicolas.Williams@sun.com> writes:

    >> Folks, the replacement for draft-ietf-nfsv4-channel-bindings,
    >> draft-williams-on-channel-binding-00.txt, is now in the I-D
    >> repository.
    >> 
    >> It has also been significantly expanded.  Please review.  I'd
    >> like to ask the security ADs for an IETF Last Call on this I-D
    >> soon.

    Simon> Looks good in general.  A general design question:

    Simon> What about SASL/GS2 over TLS over SSH over IPSEC?  What are
    Simon> the channel bindings for that, is it only the TLS binding?
    Simon> Consider if the application regards the TLS layer as weak
    Simon> (export ciphers) but the SSH layer as strong, would it be
    Simon> permitted to use the SSH channel binding?  This sounds to
    Simon> me like it may require negotiation in GS2.

That's the application's problem to decide.

I definitely do not think we want every mechanism that supports
binding to a channel to need negotiation for this.

