Re: [kitten] New Version Notification for draft-howard-gss-sanon-01.txt

Nico Williams <nico@cryptonector.com> Tue, 07 April 2020 02:37 UTC

Date: Mon, 06 Apr 2020 21:37:25 -0500
From: Nico Williams <nico@cryptonector.com>
To: Jeffrey E Altman <jaltman@auristor.com>
Cc: Luke Howard <lukeh@padl.com>, "kitten@ietf.org" <kitten@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/Uekqd0y_u6gITbGqoMSx_lq4XpY>

On Mon, Apr 06, 2020 at 09:51:40PM -0400, Jeffrey E Altman wrote:
> On 4/6/2020 6:59 PM, Luke Howard wrote:
> > Jeff suggests informational track.
> 
> In my opinion getting something shipped quickly requires a private
> organization oid and informational track.  We should publish NegoEx as
> informational as well since we are going to depend on it.

I don't think anything prevents quick publication, whether on the
Experimental or Informational tracks.

> I don't think there is any benefit to experimental since NegoEx is
> unpublished.  I suspect that all of the original Microsoft editors have
> moved on.

I don't see how NegoEx not being an RFC has anything to do with which of
Experimental or Informational this I-D goes onto.

> I don't believe that SAnon is a good choice for SPNEGO.  One reason I
> want to negotiate it under NegoEx is to prefer krb5-anon if it's
> configured and only use SAnon for the case where krb5-anon is unavailable.

Apps can set preference.  Otherwise local configuration can set
preference.  NegoEx or no NegoEx makes no difference to this.  The only
reason to discuss NegoEx at all is that Windows apparently insists on it
for new mechanisms, but as we have NegoEx widely implemented now, it
almost doesn't matter.