Re: KITTEN: IETF 75 - 76
Nicolas Williams <Nicolas.Williams@sun.com> Wed, 19 August 2009 16:50 UTC
Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 24F8A3A6889 for <kitten@core3.amsl.com>; Wed, 19 Aug 2009 09:50:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.773
X-Spam-Level:
X-Spam-Status: No, score=-5.773 tagged_above=-999 required=5 tests=[AWL=-0.027, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M+uBIWIcsvWB for <kitten@core3.amsl.com>; Wed, 19 Aug 2009 09:50:49 -0700 (PDT)
Received: from sca-ea-mail-4.sun.com (sca-ea-mail-4.Sun.COM [192.18.43.22]) by core3.amsl.com (Postfix) with ESMTP id E67473A69E7 for <kitten@ietf.org>; Wed, 19 Aug 2009 09:50:48 -0700 (PDT)
Received: from dm-central-02.central.sun.com ([129.147.62.5]) by sca-ea-mail-4.sun.com (8.13.6+Sun/8.12.9) with ESMTP id n7JGorwI026863 for <kitten@ietf.org>; Wed, 19 Aug 2009 16:50:53 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id n7JGoraQ054475 for <kitten@ietf.org>; Wed, 19 Aug 2009 10:50:53 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id n7JGeBQk004040; Wed, 19 Aug 2009 11:40:11 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id n7JGeBBH004039; Wed, 19 Aug 2009 11:40:11 -0500 (CDT)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Wed, 19 Aug 2009 11:40:11 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Love Hörnquist Åstrand <lha@kth.se>
Subject: Re: KITTEN: IETF 75 - 76
Message-ID: <20090819164010.GE1043@Sun.COM>
References: <4A87A69A.3050408@sun.com> <20090816235122.GP1043@Sun.COM> <77312362-85D0-4BDC-AD16-28450B38C5CB@kth.se> <20090817172632.GT1043@Sun.COM> <2E7A7B76-CF8C-4213-8300-3325E414204F@kth.se>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <2E7A7B76-CF8C-4213-8300-3325E414204F@kth.se>
User-Agent: Mutt/1.5.7i
Cc: "kitten@ietf.org" <kitten@ietf.org>, Shawn M Emery <Shawn.Emery@sun.com>
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2009 16:50:50 -0000
On Tue, Aug 18, 2009 at 11:05:03AM -0700, Love Hörnquist Åstrand wrote: > I find PGSSAPI very distasteful. If we could go back in time and make that first argument to all GSS functions be an opaque pointer, a handle to an abstract app/lib context, that'd be OK, yes? I'm proposing that we do just that, only without the time travel part, and with just a bit of backwards compatibility in the mechglue to detect old apps / old mechs that expect that argument to be a OM_uint32 *. That bit of backwards compatibility would be quite isolated, and it'd be very similar to existing code in MIT krb5 to intern handles (in order to distinguish between old apps and new ones, properly obtained handles would have to be interned). > >Also, I don't agree that there's no way to add new token types, if > >that's what you meant. You could add support for new tokens (e.g., > >re-key tokens, default QoP cipher change, ...) as follows: > > There is no way to add more input variables to ISC. Indeed. > ISC have been extended to day, for example for NFS. you have to > acquire a special NFS credentials, modify the credential to select > what enctypes the kernel supports, and then call ISC. This doesn't > work for credential when you talk to different servers that have > diffrent properties, like TLS channel bindings. Yes. > I'm not worried about rekeying, if you want to tackle that we are > redoing the whole gss-api model. Not really. The SSPI does it, and the SSPI is very similar to the GSS-API. Re-keying would be an incremental change, not a fundamental one (but it would require updates to app protocols in order for them to be able to use it). For SASL re-keying would be much more intrusive . No, I don't care about re-keying.
- KITTEN: IETF 75 - 76 Shawn M Emery
- Re: KITTEN: IETF 75 - 76 Alexey Melnikov
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Leif Johansson
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Shawn M Emery
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Stefan (metze) Metzmacher
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Jeffrey Hutzelman
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Jeffrey Hutzelman
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Jeffrey Hutzelman
- Re: KITTEN: IETF 75 - 76 Volker Lendecke
- Re: KITTEN: IETF 75 - 76 Volker Lendecke