Re: KITTEN: IETF 75 - 76
Martin Rex <Martin.Rex@sap.com> Wed, 19 August 2009 19:59 UTC
Return-Path: <Martin.Rex@sap.com>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C63DC3A6F53 for <kitten@core3.amsl.com>; Wed, 19 Aug 2009 12:59:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.739
X-Spam-Level:
X-Spam-Status: No, score=-5.739 tagged_above=-999 required=5 tests=[AWL=0.510, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UC2tQHRNDqMj for <kitten@core3.amsl.com>; Wed, 19 Aug 2009 12:59:32 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id 891DF3A6E57 for <kitten@ietf.org>; Wed, 19 Aug 2009 12:58:56 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id n7JJwxNC005036 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 19 Aug 2009 21:58:59 +0200 (MEST)
From: Martin Rex <Martin.Rex@sap.com>
Message-Id: <200908191958.n7JJwwn0029779@fs4113.wdf.sap.corp>
Subject: Re: KITTEN: IETF 75 - 76
To: Nicolas.Williams@sun.com
Date: Wed, 19 Aug 2009 21:58:58 +0200
In-Reply-To: <20090819164010.GE1043@Sun.COM> from "Nicolas Williams" at Aug 19, 9 11:40:11 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal06
X-SAP: out
Cc: kitten@ietf.org, Shawn.Emery@sun.com
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: martin.rex@sap.com
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2009 19:59:32 -0000
Nicolas Williams wrote: > > > I'm not worried about rekeying, if you want to tackle that we are > > redoing the whole gss-api model. > > Not really. The SSPI does it, and the SSPI is very similar to the > GSS-API. Re-keying would be an incremental change, not a fundamental > one (but it would require updates to app protocols in order for them to > be able to use it). For SASL re-keying would be much more intrusive . > No, I don't care about re-keying. Re-keying will require re-design of the API. I'm not aware about rekeying being available in SSPI. It must be availabe in some way for schannel, because IIS is able to perform renegotiation in order to request a client cert after having looked at the URL -- but I do not think it exists for NTLM or Kerberos 5 SSPs. If I'm wrong, do you have an URL to the Microsoft documentation describing how it works? In traditional GSS-API it is not possible to modify a security context once it has been established. And a communication might go entirely unidirectional after security context establishment for the rest of its lifetime (e.g. the data channel of an FTP with GSS-API extensions). -Martin
- KITTEN: IETF 75 - 76 Shawn M Emery
- Re: KITTEN: IETF 75 - 76 Alexey Melnikov
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Leif Johansson
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Shawn M Emery
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Stefan (metze) Metzmacher
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Jeffrey Hutzelman
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Jeffrey Hutzelman
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Jeffrey Hutzelman
- Re: KITTEN: IETF 75 - 76 Volker Lendecke
- Re: KITTEN: IETF 75 - 76 Volker Lendecke