Re: KITTEN: IETF 75 - 76
Love Hörnquist Åstrand <lha@kth.se> Mon, 17 August 2009 16:50 UTC
Return-Path: <lha@kth.se>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7D83428C277 for <kitten@core3.amsl.com>; Mon, 17 Aug 2009 09:50:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.949
X-Spam-Level:
X-Spam-Status: No, score=-5.949 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HELO_EQ_SE=0.35, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gzLmBmdyCbGE for <kitten@core3.amsl.com>; Mon, 17 Aug 2009 09:50:18 -0700 (PDT)
Received: from smtp-1.sys.kth.se (smtp-1.sys.kth.se [130.237.32.175]) by core3.amsl.com (Postfix) with ESMTP id 5274428C288 for <kitten@ietf.org>; Mon, 17 Aug 2009 09:50:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp-1.sys.kth.se (Postfix) with ESMTP id 77AC9155B56; Mon, 17 Aug 2009 18:49:50 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at kth.se
Received: from smtp-1.sys.kth.se ([127.0.0.1]) by localhost (smtp-1.sys.kth.se [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 9AhRaeE40+5l; Mon, 17 Aug 2009 18:49:48 +0200 (CEST)
Received: from [10.0.1.6] (c80-216-69-25.bredband.comhem.se [80.216.69.25]) by smtp-1.sys.kth.se (Postfix) with ESMTP id 436D615590F; Mon, 17 Aug 2009 18:49:39 +0200 (CEST)
Subject: Re: KITTEN: IETF 75 - 76
Mime-Version: 1.0 (Apple Message framework v1075.2)
Content-Type: multipart/alternative; boundary="Apple-Mail-183--509845363"
From: Love Hörnquist Åstrand <lha@kth.se>
In-Reply-To: <20090816235122.GP1043@Sun.COM>
Date: Mon, 17 Aug 2009 18:49:37 +0200
Message-Id: <77312362-85D0-4BDC-AD16-28450B38C5CB@kth.se>
References: <4A87A69A.3050408@sun.com> <20090816235122.GP1043@Sun.COM>
To: Nicolas Williams <Nicolas.Williams@sun.com>
X-Mailer: Apple Mail (2.1075.2)
Cc: "kitten@ietf.org" <kitten@ietf.org>, Shawn M Emery <Shawn.Emery@sun.com>
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2009 16:50:20 -0000
17 aug 2009 kl. 01:51 skrev Nicolas Williams: > On Sun, Aug 16, 2009 at 12:26:34AM -0600, Shawn M Emery wrote: >> Love had given a set of new work items that would be of interest, as >> follows: >> >> 1. initialization/new credentials >> 2. listing/iterating credentials >> 3. exporting/importing credentials > > (1) is a complex matter as it requires interaction with users and > needs > to cover such things as principal name, password, new password, PIN, > PIN > change and other prompts. A design is certainly possible. > > (2) is really listing of principal names for which the caller has > credentials (we can already list mechanisms for which the caller has > credentials). This is likely a difficult thing to design since we > will > want to be able to control what principals GSS_Accept_sec_context() > can > accept sec contexts for, and that means a significant revamp of the > semantics of CREDENTIAL HANDLEs _or_ a replacement for > GSS_Accept_sec_context(). accept sec context is not really intresting since it doesn't make thinks not work. init sec context however it mostly useless since the consumers don't know about what credentials they have. have a list of mechs there is credentials for is also mostly useless, i have lha@SU.SE (Kerberos), SU.SE\lha (NTLM), KTH.SE (Kerberos) E.KTH.SE (sasl-digest-md5), lha@LKDC.SHA1:EA35DAB08BD8EC833C160FAFCDF03E4B13F72D6B (Kerberos) any many other, knowing that I have some Kerberos credentals is mostly useless. Its not even possible to build ui to do specific selection, or selection other then providing a text field that you can do gss_import_name(GSS_C_NT_USER) on and hope that it work. >> 4. error message reporting > > Yes. (I still believe in the "PGSSAPI" idea where, in the C bindings, > we change the semantics and type of the minor_status argument, > though in > a binary backwards compatible way. I can expand if desired.) Lets redo the api, ISC is broken as it since there is no way to add new tokens. >> 5. asynchronous calls > > Developers can use threads to work around the lack of these, so it > seems > to me that these should be a lower priority. I disagree, threads consume lots of resources that and are very complicated to use. >> ...along with Alexey's recent request for policy/encryption strength. > > Yes. This should be, IMO, a high priority. And not over engineered. Let's solve the SASL problem and nothing more. >> We are looking for authors and editors for any of these new items or >> something else that you would like to see developed within KITTEN. > > I'll edit, but I need co-authors who'll contribute text, API designs, > and energy to the list. Love
- KITTEN: IETF 75 - 76 Shawn M Emery
- Re: KITTEN: IETF 75 - 76 Alexey Melnikov
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Leif Johansson
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Martin Rex
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Shawn M Emery
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Stefan (metze) Metzmacher
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Jeffrey Hutzelman
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Jeffrey Hutzelman
- Re: KITTEN: IETF 75 - 76 Michael B Allen
- Re: KITTEN: IETF 75 - 76 Nicolas Williams
- Re: KITTEN: IETF 75 - 76 Jeffrey Hutzelman
- Re: KITTEN: IETF 75 - 76 Volker Lendecke
- Re: KITTEN: IETF 75 - 76 Volker Lendecke