Re: [saag] Kitten Summary - IETF 86

Nico Williams <nico@cryptonector.com> Thu, 14 March 2013 18:18 UTC

In-Reply-To: <5142118B.60100@oracle.com>
References: <51420230.2010106@oracle.com> <5142118B.60100@oracle.com>
Date: Thu, 14 Mar 2013 13:18:05 -0500
Message-ID: <CAK3OfOi4=VXCFX2rakkhQSwfTU9eGku_ZOnCiBgEH1QrsjzSjw@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Shawn M Emery <shawn.emery@oracle.com>
Content-Type: text/plain; charset="UTF-8"
Cc: saag@ietf.org
Subject: Re: [saag] Kitten Summary - IETF 86

On Thu, Mar 14, 2013 at 1:06 PM, Shawn M Emery <shawn.emery@oracle.com> wrote:
> The WG met for the morning session on Thursday (3.14.13).

Sorry I could not attend.

> draft-ietf-kitten-sasl-oauth
> ----------------------------
> Jeff Hutzelman had made WGLC comments that entail a GSS-API abstraction
> violation due to the use of the mutual authentication state to indicate
> that the application, not the mechanism, has performed mutual
> authentication.  The other two SASL mechanisms, OpenID and SAML, have
> similar issues.  It was decided that there should be an interim meeting
> to discuss whether we update GS2 to provision for these mechanism types
> or do we remove the GS2 capabilities of these SASL mechanisms.

Basically, any mechanism that does not do mutual auth could still be
used with GS2 if we relax the mutual auth requirement there, but we
must not allow such mechanisms to be advertised as -PLUS mechanisms.

> draft-williams-kitten-krb5-extra-rt
> Would require a recharter.

Some of it relates to rcache avoidance, FYI, which is in charter.
Mind you, I think we should modify the charter.

Also, if mechanism work is in charter then I'd think that
maintenance/extensions work on existing mechanisms should be as well.
If that's not already clearly stated in the charter, then we should
make it so.

> draft-williams-kitten-krb5-rcache-avoidance
> Already in the current charter.
>
> draft-yu-kitten-kerberos-kdc-does-aliases
> Would require a recharter.

I support modifying the charter so we can adopt this I-D (as well as,
unsurprisingly, mine).

> Open Mic
> --------
> No one came forward.

FYI, Nathan McCallum has convinced me to specify a subset of the verto
API (which is quite simple) for async GSS.

> GSS-Profile
> -----------
> Sam had commented on this draft as being useful in simplifying the
> GSS-API.  There were not enough reviewers in the room to make a call for
> adoption.  Unfortunately a charter item (i.e. draft-yu-kitten-api-wishlist)
> similar to this was previously removed due to lack of feedback or
> interest.

Which I-D was this?  draft-williams-gss-profiles?

Nico
--
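As an added illustration of the GS2 point above (not code from the thread or from any kitten draft): GS2 derives a SASL mechanism name from the GSS-API mechanism OID (RFC 5801, section 3.1), and a server advertises the "-PLUS" (channel-binding) variant alongside it. The gating rule in `advertise()` is the proposal in Nico's message, relaxing mutual auth for plain GS2 use while withholding "-PLUS" from mechanisms that do not perform mutual authentication; it is an assumption for this example, not RFC text. Registered names such as GS2-KRB5 take precedence over the hash-derived name in practice.

```python
import base64
import hashlib


def der_encode_oid(oid: str) -> bytes:
    """DER-encode a dotted-decimal OID: tag 0x06, short-form length, base-128 arcs."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2:
        raise ValueError("an OID needs at least two arcs")
    body = bytearray()
    # The first two arcs are folded into one subidentifier (40 * arc1 + arc2).
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))  # continuation bit on all but the last octet
            arc >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form DER length not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)


def gs2_mech_name(oid: str) -> str:
    """RFC 5801 3.1: 'GS2-' + base32 of the first 55 bits of SHA-1(DER(OID))."""
    digest = hashlib.sha1(der_encode_oid(oid)).digest()
    # 7 bytes = 56 bits encode to 12 base32 characters (plus '=' padding);
    # the first 11 characters carry exactly 55 bits, which is what GS2 uses.
    return "GS2-" + base64.b32encode(digest[:7]).decode("ascii")[:11]


def advertise(oid: str, mutual_auth: bool, channel_binding: bool) -> list:
    """SASL mechanism names a server would list for one GSS-API mechanism.

    Assumed policy (from Nico's message, not the RFC): the plain GS2 name is
    offered even without mutual auth, but '-PLUS' is offered only when the
    mechanism both authenticates mutually and supports channel binding.
    """
    names = [gs2_mech_name(oid)]
    if mutual_auth and channel_binding:
        names.append(names[0] + "-PLUS")
    return names


# Kerberos V5 GSS-API mechanism OID (registered in practice as GS2-KRB5).
KRB5_MECH_OID = "1.2.840.113554.1.2.2"

if __name__ == "__main__":
    print(advertise(KRB5_MECH_OID, mutual_auth=True, channel_binding=True))
    print(advertise(KRB5_MECH_OID, mutual_auth=False, channel_binding=True))
```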