Re: [sasl] MOGGIES Proposed Charter

Nicolas Williams <Nicolas.Williams@oracle.com> Tue, 18 May 2010 19:16 UTC

Return-Path: <Nicolas.Williams@oracle.com>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9EF2028C181; Tue, 18 May 2010 12:16:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.173
X-Spam-Level:
X-Spam-Status: No, score=-4.173 tagged_above=-999 required=5 tests=[AWL=0.011, BAYES_40=-0.185, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hUpMXR1PJxJh; Tue, 18 May 2010 12:16:47 -0700 (PDT)
Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id 898153A6AC0; Tue, 18 May 2010 12:16:47 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o4IJGZCN004675 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 18 May 2010 19:16:37 GMT
Received: from acsmt353.oracle.com (acsmt353.oracle.com [141.146.40.153]) by rcsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o4IJGVVq022396; Tue, 18 May 2010 19:16:31 GMT
Received: from abhmt004.oracle.com by acsmt355.oracle.com with ESMTP id 277283101274210127; Tue, 18 May 2010 12:15:27 -0700
Received: from oracle.com (/129.153.128.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 18 May 2010 12:15:26 -0700
Date: Tue, 18 May 2010 14:15:22 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Shawn Emery <shawn.emery@oracle.com>
Subject: Re: [sasl] MOGGIES Proposed Charter
Message-ID: <20100518191521.GL9429@oracle.com>
References: <4BF221C1.2090005@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4BF221C1.2090005@oracle.com>
User-Agent: Mutt/1.5.20 (2010-03-02)
X-Auth-Type: Internal IP
X-Source-IP: rcsinet15.oracle.com [148.87.113.117]
X-CT-RefId: str=0001.0A090203.4BF2E796.0097:SCFMA4539811,ss=1,fgs=0
Cc: kitten@ietf.org, Tim Polk <tim.polk@nist.gov>, sasl@ietf.org
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 May 2010 19:16:49 -0000

On Mon, May 17, 2010 at 11:12:33PM -0600, Shawn Emery wrote:
> As discussed; attached is the proposed charter text for a new
> working group (MOGGIES) based on future direction in the GSS-API and
> SASL space.  Please provide any feed-back to the lists by the end of
> May.

I don't love the name (I keep thinking "MOOGIES", which sounds like
something gross :), but I'll live; I have no better suggestions.

> * Specify an interface for reporting the security strength of GSS-API mechanism.

I'd word that differently:

 * Specify an interface for enforcing security strength of GSS-API mechanisms.

The reason is that "reporting the security strength" of something
implies [to me] an absolute measure of security strength, and I don't
think it's possible to degisn a good, _stable_, absolute measure of
security strength.

> This working group will review SASL related submissions as well, including any
> new SASL mechanisms proposed.

New SASL mechanisms?  Why not new GSS-API mechanisms?  Why not close the
WG (and even SASL) to new non-GS2 mechanisms?  Might there be conflicts
with EMU?

Nico
--