Re: gs2 hashed oids

Arnt Gulbrandsen <arnt@oryx.com> Thu, 08 January 2009 13:46 UTC

Message-Id: <IOhp6hv/VOc/CVi5/OiGAQ.md5@lochnagar.oryx.com>
Date: Thu, 08 Jan 2009 14:39:34 +0100
From: Arnt Gulbrandsen <arnt@oryx.com>
To: ietf-sasl@imc.org
Subject: Re: gs2 hashed oids
References: <tsl1vvgd141.fsf@mit.edu> <87k598gijo.fsf@mocca.josefsson.org> <6560555BDF0EBFA2F546ACA5@atlantis.pc.cs.cmu.edu>
In-Reply-To: <6560555BDF0EBFA2F546ACA5@atlantis.pc.cs.cmu.edu>
Content-Type: text/plain; format="flowed"
Mime-Version: 1.0
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>

Jeffrey Hutzelman writes:
> Stackable pseudo-mechanisms are not the same as multi-level negotiation.
> Multi-level negotiation is a problem because you end up having to 
> agree on one level before knowing if there's a mutually-acceptable 
> mechanism at the next.  But stackable mechanisms don't work that way; 
> every possible stack has an OID, composed from the OIDs of the 
> stacked mechanisms (see section 4.1 of 
> draft-ietf-kitten-stackable-pseudo-mechs-02.txt).  Then the entire 
> _stack_ is negotiated at once, as if it were a single mechanism.  
> This leads to an explosion of possible mechanism OIDs, where it's 
> not entirely possible to predict what they all are, but is entirely 
> unreasonable to expect every combination to be named and registered.

It sounds as though a server asked to use GS2-GQGFDSAGDSAF would have to 
recurse through all possible mechanism stacks, encoding each stack's OID as 
described in the kitten draft, hashing the resulting OID and comparing 
it against the desired name. Have I understood it correctly? (If not, 
then maybe it's nonobvious and should be explained in the GS2 
document.) If I have, then is it practical to recurse through the 
tree to find the mechanism?

Arnt
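The search Arnt describes, as an added example that is not part of this thread or of either draft: derive the GS2 name from a mechanism OID, enumerate every stack of a small mechanism set up to a bounded depth, and build the inverse table once so that a client-supplied name can be matched against it. The name derivation follows the rule that was published as RFC 5801 section 3.1 (Base32 of the first 55 bits of SHA-1 over the DER-encoded OID). The composite-OID rule for a stack is an assumption standing in for section 4.1 of draft-ietf-kitten-stackable-pseudo-mechs-02, which this example does not reproduce; the Kerberos V5 and SPNEGO OIDs are real, the 2.999 OIDs are placeholders under the example arc, and all function names are mine.

```python
"""GS2 mechanism names for stacked mechanisms: derive, enumerate, look up.

Added example, not code from the GS2 draft or from anyone on this thread.
The name derivation follows RFC 5801 section 3.1 (the published form of
the GS2 draft discussed here).  The stack-composition rule below is an
ASSUMPTION standing in for section 4.1 of
draft-ietf-kitten-stackable-pseudo-mechs-02, which is not reproduced.
"""
import base64
import hashlib
import itertools
from typing import Dict, Iterator, Optional, Sequence, Tuple

Stack = Tuple[str, ...]

# Constructed mechanism set.  The first two OIDs are the real Kerberos V5
# and SPNEGO mechanism OIDs; the 2.999 arc is reserved for examples, so
# "p1" and "p2" are placeholder pseudo-mechanisms, not registered ones.
MECHS: Dict[str, str] = {
    "krb5": "1.2.840.113554.1.2.2",
    "spnego": "1.3.6.1.5.5.2",
    "p1": "2.999.1",
    "p2": "2.999.2",
}


def der_encode_oid(oid: str) -> bytes:
    """Return the full DER TLV (tag 0x06, length, contents) of a dotted OID."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"not a valid OID: {oid!r}")
    body = bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        # Base-128 groups, most significant first, continuation bit on all but the last.
        groups = [value & 0x7F]
        value >>= 7
        while value:
            groups.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(groups))
    if len(body) < 0x80:
        length = bytes([len(body)])
    else:  # long-form length: 0x80 | number of length octets, then big-endian length
        n = (len(body).bit_length() + 7) // 8
        length = bytes([0x80 | n]) + len(body).to_bytes(n, "big")
    return b"\x06" + length + bytes(body)


def gs2_name(oid: str, plus: bool = False) -> str:
    """'GS2-' + Base32 of the first 55 bits of SHA-1(DER(oid)); '-PLUS' for channel binding."""
    digest = hashlib.sha1(der_encode_oid(oid)).digest()
    # 7 bytes = 56 bits; the first 11 Base32 characters cover exactly the first 55.
    name = "GS2-" + base64.b32encode(digest[:7]).decode("ascii")[:11]
    return name + "-PLUS" if plus else name


def compose_stack(stack: Stack, mechs: Dict[str, str] = MECHS) -> str:
    """ASSUMED composite-OID rule: an example arc, the stack depth, then each
    member OID prefixed by its arc count so the encoding is unambiguous."""
    parts = ["2.999.100", str(len(stack))]
    for name in stack:
        arcs = mechs[name].split(".")
        parts.append(str(len(arcs)))
        parts.extend(arcs)
    return ".".join(parts)


def enumerate_stacks(mechs: Sequence[str], max_depth: int) -> Iterator[Stack]:
    """Every ordered stack of distinct mechanisms up to max_depth."""
    for depth in range(1, max_depth + 1):
        yield from itertools.permutations(mechs, depth)


def build_name_table(mechs: Dict[str, str] = MECHS, max_depth: int = 3) -> Dict[str, Stack]:
    """One-time inverse map GS2 name -> stack, since the hash cannot be inverted."""
    table: Dict[str, Stack] = {}
    for stack in enumerate_stacks(list(mechs), max_depth):
        name = gs2_name(compose_stack(stack, mechs))
        if name in table:  # 55-bit truncation makes this possible in principle
            raise ValueError(f"GS2 name collision: {table[name]} vs {stack}")
        table[name] = stack
    return table


def resolve(name: str, table: Dict[str, Stack]) -> Optional[Stack]:
    """Map a client-supplied name (with or without -PLUS) back to a stack, or None."""
    base = name[:-len("-PLUS")] if name.endswith("-PLUS") else name
    return table.get(base)


if __name__ == "__main__":
    table = build_name_table()
    for name, stack in sorted(table.items()):
        print(name, "->", "/".join(stack))
    print(len(table), "names for", len(MECHS), "mechanisms up to depth 3")
```

Because the name is a truncated hash, the server cannot recover the OID from it; the only options are to hash every candidate on each request or, as here, to enumerate once at startup and keep the inverse table. The number of candidates is the sum of the ordered selections at each depth (40 for four mechanisms up to depth 3), which is the explosion Hutzelman refers to, so a real server would bound the depth and enumerate only the stacks it is actually willing to offer rather than every combination its mechanism list permits.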