Re: [kitten] Stating support for HTTP-SASL on the HTTP WG list

Russ Allbery <eagle@eyrie.org> Tue, 07 February 2023 20:09 UTC

From: Russ Allbery <eagle@eyrie.org>
To: Simo Sorce <simo@redhat.com>
Cc: Rick van Rein <rick@openfortress.nl>, kitten@ietf.org
In-Reply-To: <01a7f7acc91b3ac1a865c006f4d883ab38d07178.camel@redhat.com> (Simo Sorce's message of "Tue, 07 Feb 2023 15:03:46 -0500")
Organization: The Eyrie
References: <20230127160101.GB635@openfortress.nl> <048e6943f02302bb5cf7b8c55521931ce3748d30.camel@redhat.com> <20230128215854.629841D6333@pb-smtp20.pobox.com> <87a622tdd1.fsf@hope.eyrie.org> <875ycqtcmd.fsf@hope.eyrie.org> <20230207104841.GE30583@openfortress.nl> <01a7f7acc91b3ac1a865c006f4d883ab38d07178.camel@redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Date: Tue, 07 Feb 2023 12:09:35 -0800
Message-ID: <87bkm5fda8.fsf@hope.eyrie.org>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/TPIrZs5OS_RXlvq_0Y2Rk9lvF8Y>
Subject: Re: [kitten] Stating support for HTTP-SASL on the HTTP WG list

Simo Sorce <simo@redhat.com> writes:

> Although possible, in many cases this is simply not available,
> especially when hardware tokens (HSMs, SmartCards, TPMs) are used to
> deal with the cryptography.

Yeah, this is exactly the sort of situation that I was wondering about,
which is obviously raised by the load-balanced model because those things
are tied to a specific piece of hardware.  I suppose that means it also
applies to any attempt to do stateless negotiation, but it's slightly less
obvious because the state is potentially hidden in the hardware token.

-- 
Russ Allbery (eagle@eyrie.org)             <https://www.eyrie.org/~eagle/>