IETF Logo Mail Archive

Re: KITTEN: IETF 75 - 76

Love Hörnquist Åstrand <lha@kth.se> Wed, 19 August 2009 04:01 UTC

Return-Path: <lha@kth.se>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 00F2D3A6A50 for <kitten@core3.amsl.com>; Tue, 18 Aug 2009 21:01:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.88
X-Spam-Level:
X-Spam-Status: No, score=-4.88 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DATE_IN_PAST_06_12=1.069, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GbV0ZhXMRR20 for <kitten@core3.amsl.com>; Tue, 18 Aug 2009 21:01:52 -0700 (PDT)
Received: from smtp-2.sys.kth.se (smtp-2.sys.kth.se [130.237.32.160]) by core3.amsl.com (Postfix) with ESMTP id 24F993A6A24 for <kitten@ietf.org>; Tue, 18 Aug 2009 21:01:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp-2.sys.kth.se (Postfix) with ESMTP id 13E7C14ED4B; Wed, 19 Aug 2009 06:01:27 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at kth.se
Received: from smtp-2.sys.kth.se ([127.0.0.1]) by localhost (smtp-2.sys.kth.se [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Hf0IZOkF6jDe; Wed, 19 Aug 2009 06:01:26 +0200 (CEST)
Received: from [10.0.1.3] (99-52-202-108.lightspeed.snjsca.sbcglobal.net [99.52.202.108]) by smtp-2.sys.kth.se (Postfix) with ESMTP id F33DF14ED3A; Wed, 19 Aug 2009 06:01:24 +0200 (CEST)
Subject: Re: KITTEN: IETF 75 - 76
Mime-Version: 1.0 (Apple Message framework v1075.2)
Content-Type: text/plain; charset="us-ascii"; format="flowed"; delsp="yes"
From: Love Hörnquist Åstrand <lha@kth.se>
In-Reply-To: <20090817172632.GT1043@Sun.COM>
Date: Tue, 18 Aug 2009 11:09:39 -0700
Content-Transfer-Encoding: 7bit
Message-Id: <23BA3749-5F9A-46AC-B4BB-BB7188F9261A@kth.se>
References: <4A87A69A.3050408@sun.com> <20090816235122.GP1043@Sun.COM> <77312362-85D0-4BDC-AD16-28450B38C5CB@kth.se> <20090817172632.GT1043@Sun.COM>
To: Nicolas Williams <Nicolas.Williams@sun.com>
X-Mailer: Apple Mail (2.1075.2)
Cc: "kitten@ietf.org" <kitten@ietf.org>, Shawn M Emery <Shawn.Emery@sun.com>
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2009 04:01:53 -0000

17 aug 2009 kl. 10:26 skrev Nicolas Williams:

> Acceptors with creds for multiple principals have little choice but to
> use GSS_C_NO_CREDENTIAL and check the resulting security context to  
> see
> if the acceptor principal (and mech, and, if we ever add it, QoP  
> policy)
> is acceptable to the app.  That's lame.  I'd rather be able to  
> acquire a
> CREDENTIAL HANDLE for all the principals I'm willing to accept sec
> contexts for and then use that.
>
> The GSS-API concept of CREDENTIAL HANDLEs is a set of credentials for
> the same principal, but different mechanisms.  Changing this to  
> allow it
> to be a set of credentials for any {mechanism, principal} seems...
> difficult, but perhaps fun anyways.

I don't care about this now, its not a problem I ever run in to.

In fact, I mostly run into the problem that app developer specify a  
credential handle, and for that reason the application doesn't work  
with aliases and other mechs that the app author though about.

Love

v2.23.0 | Report a Bug | By Email