Re: [kitten] I-D Action: draft-ietf-kitten-sasl-saml-ec-12.txt

Benjamin Kaduk <kaduk@MIT.EDU> Wed, 07 January 2015 21:12 UTC

Date: Wed, 07 Jan 2015 16:12:03 -0500
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: "Cantor, Scott" <cantor.2@osu.edu>
In-Reply-To: <8C695AC1-CC85-46AC-8D0A-9494514D03B7@osu.edu>
Message-ID: <alpine.GSO.1.10.1501071423250.23489@multics.mit.edu>
References: <20141229171240.971.24324.idtracker@ietfa.amsl.com> <8C695AC1-CC85-46AC-8D0A-9494514D03B7@osu.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/Z6Vx-Us_p0UB28DklZ3VotUp1x0
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] I-D Action: draft-ietf-kitten-sasl-saml-ec-12.txt
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>

On Mon, 29 Dec 2014, Cantor, Scott wrote:

> Apologies for the 9 month delay, but I've finally produced a new draft in
> response to comments from Sam and others back in March (thread name
> comments on draft-ietf-kitten-sasl-saml-ec, started by Sam).
>
> Most importantly, this corrects a normative error by changing the
> dependency on the 4161 enctype names into numbers.
>
> I attempted to address all of the comments in one form or another, but
> it's been long enough that this needs a fresh review anyway.

Thanks for the updates.

Looking at the diff, I get the sense that for the service names, you want
people to use the text that would be input to gss_import_name() -- the
actual gss_name_t should not be involved in processing at all.  It might
be helpful to call that out.  (It also means that applications will not
need to know about the GSS_C_NT_HOSTBASED_SERVICE symbol, though you
probably still want to include that string in the discussion in the text.)



Skimming through the document itself, "without relying on flawed
commercial TLS infrastructure" may be true, but may also engender some
objections.  I make no recommendation for or against the text at this
time.

Nothing really jumps out at me from that, so it seems ready for a more
in-depth review as far as I can tell.  I'm not sure how soon I'll have
time for that, of course...

-Ben
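The point above is that the protocol carries the textual form of the host-based service name (the string an application would pass to gss_import_name() with GSS_C_NT_HOSTBASED_SERVICE, i.e. "service@hostname" or just "service" per RFC 2743 section 4.1), never an imported gss_name_t. Because that text arrives over the wire, an implementation should validate it before handing it to the GSS layer. The following is an added example, not code from the draft, the kitten list, or any GSS-API implementation; the function names, the character rules for the service element, and the case-insensitive hostname comparison are this example's own assumptions.

```python
# Added example: validate, build and compare the textual host-based service
# name form ("service@hostname" or "service") that RFC 2743 section 4.1
# defines for GSS_C_NT_HOSTBASED_SERVICE.  The helpers and the exact
# character rules below are assumptions of this example, not of the draft.
import re
from typing import Optional, Tuple

# RFC 1123-style label: 1-63 alphanumerics or hyphens, no leading/trailing hyphen.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*\.?$")
# Service element: assumed to be a conservative printable subset (assumption).
_SERVICE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def parse_hostbased_service(name: str) -> Tuple[str, Optional[str]]:
    """Split "service@hostname" (or "service") into (service, hostname).

    hostname is None when the "@hostname" part is omitted.  Raises ValueError
    on anything that should not reach gss_import_name() from the network.
    """
    if not isinstance(name, str) or not name:
        raise ValueError("service name must be a non-empty string")
    if any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        raise ValueError("service name contains whitespace or control characters")
    if name.count("@") > 1:
        raise ValueError("more than one '@' in service name")
    service, sep, host = name.partition("@")
    if not _SERVICE_RE.match(service):
        raise ValueError(f"bad service element: {service!r}")
    if sep and not host:
        raise ValueError("'@' present but hostname element is empty")
    if host and (len(host) > 253 or not _HOSTNAME_RE.match(host)):
        raise ValueError(f"bad hostname element: {host!r}")
    return service, (host or None)


def format_hostbased_service(service: str, hostname: Optional[str] = None) -> str:
    """Build the text an application would hand to gss_import_name().

    Round-trips through the parser so neither component can smuggle in an
    extra '@', whitespace or control characters.
    """
    text = service if hostname is None else f"{service}@{hostname}"
    parse_hostbased_service(text)  # raises if the pieces do not form a valid name
    return text


def same_service(a: str, b: str) -> bool:
    """Compare two textual names without importing them.

    Assumption: the service element is compared case-sensitively, the hostname
    case-insensitively with a trailing dot ignored; no further canonicalization,
    since RFC 2743 leaves hostname canonicalization to the implementation.
    """
    sa, ha = parse_hostbased_service(a)
    sb, hb = parse_hostbased_service(b)

    def norm(h: Optional[str]) -> Optional[str]:
        return None if h is None else h.rstrip(".").lower()

    return sa == sb and norm(ha) == norm(hb)


if __name__ == "__main__":
    # Constructed sample input, not taken from the draft.
    print(parse_hostbased_service("imap@mail.example.com"))
    print(format_hostbased_service("host"))
    print(same_service("imap@MAIL.example.com.", "imap@mail.example.com"))
```

The acceptor side would run the received text through parse_hostbased_service() and same_service() against its own configured name, and only then call gss_import_name(); the gss_name_t stays internal to the GSS layer, which is exactly the separation the message above suggests calling out in the draft.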