Re: KITTEN: IETF 75 - 76

Love Hörnquist Åstrand <lha@kth.se> Wed, 19 August 2009 04:01 UTC

Subject: Re: KITTEN: IETF 75 - 76
From: Love Hörnquist Åstrand <lha@kth.se>
In-Reply-To: <20090817172632.GT1043@Sun.COM>
Date: Tue, 18 Aug 2009 11:05:03 -0700
Message-Id: <2E7A7B76-CF8C-4213-8300-3325E414204F@kth.se>
References: <4A87A69A.3050408@sun.com> <20090816235122.GP1043@Sun.COM> <77312362-85D0-4BDC-AD16-28450B38C5CB@kth.se> <20090817172632.GT1043@Sun.COM>
To: Nicolas Williams <Nicolas.Williams@sun.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>, Shawn M Emery <Shawn.Emery@sun.com>
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>

On 17 Aug 2009, at 10:26, Nicolas Williams wrote:

> ISC?

Init sec context.

> I don't want to re-design the API from scratch if we can avoid it.

If we are doing an async API, it's redoing the API.

> Moreover, all of the enhancements we're discussing are incremental,
> _except_ for this one and the multi-princ credentials one; this one fits
> right in as proposed above, and we can solve the multi-princ credentials
> problem incrementally too.  If we had more problems to fix that are not
> incremental then I'd agree on a whole re-design.

I find PGSSAPI very distasteful.

> Also, I don't agree that there's no way to add new token types, if
> that's what you meant.  You could add support for new tokens (e.g.,
> re-key tokens, default QoP cipher change, ...) as follows:

There is no way to add more input variables to ISC.

ISC has been extended today, for example for NFS: you have to acquire a
special NFS credential, modify the credential to select what enctypes the
kernel supports, and then call ISC. This doesn't work for credentials when
you talk to different servers that have different properties, like TLS
channel bindings.

I'm not worried about rekeying; if you want to tackle that, we are
redoing the whole GSS-API model.

Love