Re: [kitten] [Ietf-krb-wg] Channel bindings -- interop issue with GSS_C_AF_*
Nico Williams <nico@cryptonector.com> Wed, 08 June 2011 17:09 UTC
On Wed, Jun 8, 2011 at 11:57 AM, Sam Hartman <hartmans-ietf@mit.edu> wrote:
> I think RFC 2744 chose the wrong constant for nulladdr; it should have
> been 0 not 255. I think we need to update RFC 2744 and 5554.
>

I believe that I'm agnostic as to that. I don't mind saying "must use
GSS_C_AF_UNSPEC and null addresses" and leaving RFC2744 alone.

> 1) Mechanism implementations should collapse unspecified address with no
> actual data and null address together
>
> 2) The Kerberos mechanism should do so in a manner compatible with
> Microsoft

Agreed, though (2) subsumes (1).

> 3) We need to explicitly specify what applications should do here.
>
> If someone argues that we cannot make incompatible changes to 2744, I
> respond that compatibility with the implementations we know about is
> more important to me than compatibility with the spec and if forced to
> choose I will choose the implementations.

+1

Nico
--
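
Added example (not part of the message above, and not code from any implementation discussed in the thread): why 255 versus 0 is an interop issue, and what collapsing the two looks like. It assumes the Kerberos mechanism's channel-bindings checksum layout from RFC 4121 / RFC 1964 (MD5 over the fields in declaration order, integers little-endian); the function names and the application data are made up for illustration.

```python
import hashlib
import struct

# Address-type constants from RFC 2744 (the two values the thread discusses).
GSS_C_AF_UNSPEC = 0
GSS_C_AF_NULLADDR = 255


def _counted(data: bytes) -> bytes:
    """Little-endian 32-bit length followed by the octets themselves."""
    return struct.pack("<I", len(data)) + data


def bindings_hash(init_type, init_addr, acc_type, acc_addr, app_data):
    """MD5 over the channel-bindings fields (assumed RFC 4121 layout)."""
    blob = (
        struct.pack("<I", init_type) + _counted(init_addr)
        + struct.pack("<I", acc_type) + _counted(acc_addr)
        + _counted(app_data)
    )
    return hashlib.md5(blob).hexdigest()


def collapse(addr_type, addr):
    """Treat 'null address' and 'unspecified, no data' as the same value."""
    if addr_type == GSS_C_AF_NULLADDR and not addr:
        return GSS_C_AF_UNSPEC, b""
    return addr_type, addr


def normalized_hash(init_type, init_addr, acc_type, acc_addr, app_data):
    """Hash after collapsing both address slots; real addresses pass through."""
    init_type, init_addr = collapse(init_type, init_addr)
    acc_type, acc_addr = collapse(acc_type, acc_addr)
    return bindings_hash(init_type, init_addr, acc_type, acc_addr, app_data)


# Constructed sample value standing in for the application's channel binding.
APP_DATA = b"tls-unique:" + bytes.fromhex("0011223344556677")


def demo():
    """Two peers with identical application data but different 'no address' types."""
    peer_a = (GSS_C_AF_NULLADDR, b"", GSS_C_AF_NULLADDR, b"", APP_DATA)
    peer_b = (GSS_C_AF_UNSPEC, b"", GSS_C_AF_UNSPEC, b"", APP_DATA)
    return {
        "raw_match": bindings_hash(*peer_a) == bindings_hash(*peer_b),
        "normalized_match": normalized_hash(*peer_a) == normalized_hash(*peer_b),
    }


if __name__ == "__main__":
    print(demo())
```

The address type is hashed along with the application data, so peers that agree on the application data but disagree on how to say "no address" still fail the binding check unless the mechanism collapses the two first.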