Security review of draft-ietf-kitten-gssapi-channel-bindings-06

canetti <canetti@post.tau.ac.il> Wed, 01 April 2009 09:19 UTC

Message-ID: <49D331C6.7000407@post.tau.ac.il>
Date: Wed, 01 Apr 2009 12:20:06 +0300
From: canetti <canetti@post.tau.ac.il>
To: secdir@mit.edu, kitten@ietf.org, Ran Canetti <canetti@csail.mit.edu>
Subject: Security review of draft-ietf-kitten-gssapi-channel-bindings-06

   I have reviewed this document as part of the security directorate's
   ongoing effort to review all IETF documents being processed by the
   IESG.  These comments were written primarily for the benefit of the
   security area directors.  Document editors and WG chairs should treat
   these comments just like any other last call comments.


This is a very short document. It describes a more generic way of 
formatting the API for channel bindings. The move to a more generic format 
is welcome. One potential objection here, however, is to the requirement 
that compliant implementations MUST interpret the API as having the new 
format. This may have backwards compatibility issues, and for no apparent 
good reason. It might be better to specify the format so that an
implementation will also be able to take older API formats.
(Since this is not an interoperability or security-sensitive issue, there 
seems to be no reason for the IETF to MANDATE one way over another.)

Best,
Ran