Re: [Ietf-krb-wg] Review of draft-sorce-krbwg-general-pac-02

Nico Williams <nico@cryptonector.com> Tue, 05 July 2011 20:38 UTC

In-Reply-To: <CA262E7D.DCF2%cantor.2@osu.edu>
References: <1308660271.25324.20.camel@willson.li.ssimo.org> <CA262E7D.DCF2%cantor.2@osu.edu>
Date: Tue, 05 Jul 2011 15:38:43 -0500
Message-ID: <CAK3OfOj7bP-+VYjX1f-YgpcPr0J8kEnJJG2tkzCbWTkMmFBtgw@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: "Cantor, Scott E." <cantor.2@osu.edu>
Cc: "ietf-krb-wg@lists.anl.gov" <ietf-krb-wg@lists.anl.gov>, Simo Sorce <simo@redhat.com>

On Tue, Jun 21, 2011 at 10:20 AM, Cantor, Scott E. <cantor.2@osu.edu> wrote:
>>> It is worth noting that the SAML Assertion element has the semantics
>>> described in section 5.1 ("PAD Format"); consequently, in principle a
>>> SAML attribute assertion could be used as the PAD payload.
>
> Perhaps somebody should simply define an ASN.1 encoding for SAML
> assertions.

Well, there's XER (XML encoding rules for ASN.1) and FastInfoSet,
which is an application of PER (ASN.1 Packed Encoding Rules) to an
ASN.1 module derived from an XML schema.  Thus it's possible to
convert between ASN.1 and XML.

The key issue is: does the necessary toolchain exist?  Probably not.
I believe the right thing to do here is to use ASN.1 with DER, because
we have tools for that (e.g., Heimdal's ASN.1 compiler).

> The encoding is unimportant. The semantics are where all the interesting
> code lives.

+1, though I'll add that the availability of tools is an important factor.

Nico
--
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
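The point made in the reply above, that one abstract ASN.1 value can be carried either as XML (XER) or as a binary encoding (DER) and that what matters is which toolchain exists, as an added example that is not part of the thread, the draft, or any of the projects mentioned. The three-field ASN.1 module it uses is an assumption for illustration and is not the PAD format from the draft; the sample issuer, subject and attribute values are constructed. The block hand-encodes the value as DER, renders the same value as basic XER, and decodes the DER with a strict reader that rejects non-minimal length encodings, the check a Kerberos implementation needs because checksums and signatures cover the encoded octets rather than the abstract value.

```python
"""Added example: one abstract ASN.1 value encoded as DER and as XER.

Hypothetical module (an assumption; not the PAD format from the draft):

    Attribute ::= SEQUENCE { name UTF8String, value UTF8String }
    Assertion ::= SEQUENCE {
        issuer     UTF8String,
        subject    UTF8String,
        attributes SEQUENCE OF Attribute }
"""
from xml.sax.saxutils import escape

# X.690 universal tags: UTF8String (primitive) and SEQUENCE (constructed).
TAG_UTF8STRING = 0x0C
TAG_SEQUENCE = 0x30


def der_length(n: int) -> bytes:
    """Definite length: short form below 128, minimal long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def der_utf8(s: str) -> bytes:
    return der_tlv(TAG_UTF8STRING, s.encode("utf-8"))


def der_assertion(issuer: str, subject: str, attributes) -> bytes:
    """DER-encode an Assertion value (attributes: list of (name, value))."""
    attrs = b"".join(der_tlv(TAG_SEQUENCE, der_utf8(n) + der_utf8(v))
                     for n, v in attributes)
    return der_tlv(TAG_SEQUENCE,
                   der_utf8(issuer) + der_utf8(subject)
                   + der_tlv(TAG_SEQUENCE, attrs))


def xer_assertion(issuer: str, subject: str, attributes) -> str:
    """Basic XER (X.693) rendering of the same abstract value."""
    items = "".join(
        "<Attribute><name>%s</name><value>%s</value></Attribute>"
        % (escape(n), escape(v)) for n, v in attributes)
    return ("<Assertion><issuer>%s</issuer><subject>%s</subject>"
            "<attributes>%s</attributes></Assertion>"
            % (escape(issuer), escape(subject), items))


def der_read_tlv(buf: bytes, pos: int, expected_tag: int):
    """Read one TLV at buf[pos]; return (content, end).

    Strict DER: rejects indefinite lengths, long-form lengths that fit the
    short form, and leading zero length octets.  Signed/checksummed data
    covers the encoded octets, so accepting alternative encodings of the
    same value would let an attacker alter the bytes without changing
    what a lenient decoder sees.
    """
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError("unexpected tag or truncated TLV at %d" % pos)
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("indefinite or oversized length at %d" % pos)
        lbytes = buf[pos:pos + nbytes]
        pos += nbytes
        length = int.from_bytes(lbytes, "big")
        if lbytes[0] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding (not DER)")
    end = pos + length
    if end > len(buf):
        raise ValueError("length exceeds buffer")
    return buf[pos:end], end


def der_decode_assertion(data: bytes):
    """Strict inverse of der_assertion; raises ValueError on malformed input."""
    body, end = der_read_tlv(data, 0, TAG_SEQUENCE)
    if end != len(data):
        raise ValueError("trailing octets after Assertion")
    issuer, p = der_read_tlv(body, 0, TAG_UTF8STRING)
    subject, p = der_read_tlv(body, p, TAG_UTF8STRING)
    attrs, p = der_read_tlv(body, p, TAG_SEQUENCE)
    if p != len(body):
        raise ValueError("trailing octets inside Assertion")
    attributes, q = [], 0
    while q < len(attrs):
        item, q = der_read_tlv(attrs, q, TAG_SEQUENCE)
        name, r = der_read_tlv(item, 0, TAG_UTF8STRING)
        value, r = der_read_tlv(item, r, TAG_UTF8STRING)
        if r != len(item):
            raise ValueError("trailing octets inside Attribute")
        attributes.append((name.decode("utf-8"), value.decode("utf-8")))
    return issuer.decode("utf-8"), subject.decode("utf-8"), attributes


# Constructed sample value (not real data).
SAMPLE = ("https://idp.example.org", "alice@EXAMPLE.ORG",
          [("eduPersonAffiliation", "member"), ("mail", "alice@example.org")])

if __name__ == "__main__":
    der = der_assertion(*SAMPLE)
    print(der.hex())
    print(xer_assertion(*SAMPLE))
    print(der_decode_assertion(der) == SAMPLE)
```

The two encoders share no code beyond the abstract value, which is the "encoding is unimportant" point; the strict reader is where a real implementation (Heimdal's compiler-generated decoders, for instance) earns its keep, since a PAD carried inside a Kerberos authorization-data element will be covered by a checksum over the DER octets.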