Re: Poll: pure SCRAM versus SCRAM-as-GS2

Nicolas Williams <Nicolas.Williams@sun.com> Tue, 10 February 2009 20:48 UTC

Date: Tue, 10 Feb 2009 14:35:32 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Kurt Zeilenga <Kurt.Zeilenga@isode.com>
Cc: Alexey Melnikov <alexey.melnikov@isode.com>, SASL WG <ietf-sasl@imc.org>
Subject: Re: Poll: pure SCRAM versus SCRAM-as-GS2
Message-ID: <20090210203532.GJ9992@Sun.COM>
References: <498B569C.7070400@isode.com> <9F513164-7955-41A1-A015-BED66D7D720C@Isode.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <9F513164-7955-41A1-A015-BED66D7D720C@Isode.com>
User-Agent: Mutt/1.5.7i
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>

On Tue, Feb 10, 2009 at 12:17:32PM -0800, Kurt Zeilenga wrote:
> Question regarding the GS2-SCRAM specification.
> 
> I see no language in draft-newman-auth-scram-gs2-00.txt which says
> whether it or the specifications detailing the SASL-GS2, GSS-API,
> GSS-API-SCRAM are definitive.
> 
> Which will be?
> 
> I don't think 'neither' or 'both' is an appealing (to me) answer here.

Certainly "neither" is not a good answer, because then there'd be no
authoritative specification :)

However, SCRAM-as-GS2 must stand on its own if pure-SASL implementors
are to be happy, yet it needs to conform to GS2 if we are to have
interop with SASL/GS2 implementors.

> I would argue that if we further pursue the scram-gs2 approach, I
> would favor the approach suggested by Simon. That is, SCRAM-GS2 be
> informational. I would add that SCRAM-GS2 should include text that
> clearly states it is not definitive.

I'd be happy with that.  But pure SASL implementors might not be, in
which case we'll need to make a) the SCRAM specification independent of
GS2 yet b) conformant to it.  I have long assumed we'd have to do just
that.

Nico
--