Re: Agenda items to discuss

"Jeffrey Altman [Kermit Project Volunteer]" <jaltman@columbia.edu> Wed, 29 October 2003 23:44 UTC

Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TNiakT052523 for <ietf-sasl-bks@above.proper.com>; Wed, 29 Oct 2003 15:44:36 -0800 (PST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9TNiaKH052522 for ietf-sasl-bks; Wed, 29 Oct 2003 15:44:36 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from brazilnut.cc.columbia.edu (IDENT:cu41754@brazilnut.cc.columbia.edu [128.59.59.203]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TNiYkT052517 for <ietf-sasl@imc.org>; Wed, 29 Oct 2003 15:44:35 -0800 (PST) (envelope-from jaltman@columbia.edu)
Received: from columbia.edu (66-108-138-151.nyc.rr.com [66.108.138.151]) (user=jaltman mech=PLAIN bits=0) by brazilnut.cc.columbia.edu (8.12.10/8.12.10) with ESMTP id h9TNiUY9001498 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Wed, 29 Oct 2003 18:44:33 -0500 (EST)
Message-ID: <3FA050DA.9000702@columbia.edu>
Date: Wed, 29 Oct 2003 18:44:26 -0500
From: "Jeffrey Altman [Kermit Project Volunteer]" <jaltman@columbia.edu>
Reply-To: ietf-sasl@imc.org
Organization: Columbia University in the City of New York
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Nicolas Williams <Nicolas.Williams@Sun.COM>
CC: Sam Hartman <hartmans@mit.edu>, ietf-sasl@imc.org
Subject: Re: Agenda items to discuss
References: <20031029184405.2F80E1515E8@konishi-polis.mit.edu> <20031029225109.GB24528@binky.central.sun.com>
In-Reply-To: <20031029225109.GB24528@binky.central.sun.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-No-Spam-Score: Local
X-Scanned-By: MIMEDefang 2.35
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>

Nicolas Williams wrote:

>On Wed, Oct 29, 2003 at 01:44:05PM -0500, Sam Hartman wrote:
>
>>* There was some discussion of multiple layers of encryption (TLS vs security layers) in XMPP; do we want
>>to develop guidance for protocol designers on this issue?
>
>I think this should be discussed.
>
>I think the guidance we want to give is: don't delegate session
>protection from one layer to another without confirming that the
>end-points at both layers are the same.
>
>See:
>
>http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-channel-bindings-00.txt
>
>It would be nice if SASL had a channel bindings facility.  Such a
>facility could be added or applications could be encouraged to exchange
>channel bindings data integrity protected at the SASL layer.
>
>Can GSS-API channel bindings facility be used when using the GSS-* SASL
>mechanisms?
>
>Cheers,
>
>Nico
I second this sentiment.  We need to provide advice on how the 
underlying session security can be validated as part of the SASL 
authentication OR after the authentication by exchanging messages using 
the SASL Security Layer, which can then be turned off if validation 
was successful.

Jeffrey Altman
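The two options raised in the exchange above (validate the lower-layer channel as part of the SASL authentication, or afterwards over the SASL security layer) modelled as an added example. This is illustration code written for this archive page, not code from the thread, from any SASL implementation, or from the NFSv4 channel-bindings draft. It assumes a TLS-like lower layer whose endpoints each derive a channel-binding value from the handshake they took part in (a stand-in for tls-unique), a password-derived key shared by client and server for the authentication proof, and a SASL-negotiated session key for the security layer; all transcripts, keys, names and nonces are constructed.

```python
"""Channel binding of a SASL-style authentication to a TLS-like channel.

Added example, not from the original thread. Names, keys and transcripts
are constructed for illustration.
"""
import hashlib
import hmac


def channel_binding(tls_transcript: bytes) -> bytes:
    """Stand-in for a TLS channel binding such as tls-unique.

    Each endpoint derives it from the handshake it saw, so both ends of
    one TLS session agree, while two separate sessions (a MITM that
    terminates TLS towards each side) yield different values.
    """
    return hashlib.sha256(b"cb:" + tls_transcript).digest()


def derive_key(password: bytes, salt: bytes, iterations: int = 4096) -> bytes:
    """Password-derived key shared by client and server (constructed)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def auth_message(username: bytes, nonce: bytes, cb: bytes) -> bytes:
    # The channel-binding value is part of the data the proof covers, so a
    # proof computed over one channel does not verify over another.
    return b"n=" + username + b",r=" + nonce + b",c=" + cb.hex().encode()


def client_proof(key: bytes, username: bytes, nonce: bytes, cb: bytes) -> bytes:
    return hmac.new(key, auth_message(username, nonce, cb), hashlib.sha256).digest()


def server_verify(key: bytes, username: bytes, nonce: bytes,
                  cb_server_view: bytes, proof: bytes) -> bool:
    # The server never trusts a binding value sent by the client; it uses
    # the value from its own end of the lower-layer channel.
    expected = client_proof(key, username, nonce, cb_server_view)
    return hmac.compare_digest(expected, proof)


def authenticate_with_binding(mitm: bool) -> bool:
    """Option 1: the binding is validated inside the authentication.

    With mitm=True the client's and server's TLS sessions differ, as when
    an attacker terminates TLS on each side and relays SASL verbatim.
    """
    key = derive_key(b"correct horse", b"constructed-salt")
    nonce = b"nonce-1"
    client_tls = b"handshake-A"
    server_tls = b"handshake-B" if mitm else client_tls
    proof = client_proof(key, b"alice", nonce, channel_binding(client_tls))
    # Relayed unchanged: username, nonce, proof.
    return server_verify(key, b"alice", nonce, channel_binding(server_tls), proof)


def layer_protect(session_key: bytes, payload: bytes) -> bytes:
    """Integrity tag of the SASL security layer (constructed HMAC)."""
    return hmac.new(session_key, b"cb-check:" + payload, hashlib.sha256).digest()


def validate_after_auth(mitm: bool, rewrite: bool = False) -> bool:
    """Option 2: after authentication, the client sends its binding value
    under the SASL security layer; the server checks integrity and then
    compares with its own view. On success the layer could be turned off.

    rewrite=True models a MITM that swaps in the binding value of its own
    session towards the server but cannot recompute the integrity tag.
    """
    session_key = hashlib.sha256(b"constructed-session-key").digest()
    client_tls = b"handshake-A"
    server_tls = b"handshake-B" if mitm else client_tls
    cb_client = channel_binding(client_tls)
    cb_server = channel_binding(server_tls)

    sent_cb, sent_tag = cb_client, layer_protect(session_key, cb_client)
    if mitm and rewrite:
        sent_cb = cb_server  # attacker substitutes, tag left as-is

    # Server side: integrity first, then compare against own channel.
    if not hmac.compare_digest(sent_tag, layer_protect(session_key, sent_cb)):
        return False
    return hmac.compare_digest(sent_cb, cb_server)


if __name__ == "__main__":
    print("direct, bound auth   :", authenticate_with_binding(mitm=False))
    print("MITM, bound auth     :", authenticate_with_binding(mitm=True))
    print("direct, post-auth    :", validate_after_auth(mitm=False))
    print("MITM, post-auth      :", validate_after_auth(mitm=True))
    print("MITM rewrite, post   :", validate_after_auth(mitm=True, rewrite=True))
```

Both variants hinge on the same point from the discussion: the server compares against the binding of the channel it terminated, never against a value the peer asserts. In the post-authentication variant the security layer must stay on until that comparison has succeeded; dropping it first would let a relaying attacker replace the binding value unnoticed.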