Re: Agenda items to discuss

[Nicolas Williams <Nicolas.Williams@sun.com>]

On Thu, Oct 30, 2003 at 11:45:55AM -0500, Sam Hartman wrote:
> 
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@sun.com> writes:
> 
>     Nicolas> On Wed, Oct 29, 2003 at 01:44:05PM -0500, Sam Hartman
>     Nicolas> wrote:
>     >> * There was some discussion of multiple layers of encryption
>     >> (TLS vs security layers) in XMPP; do we want to develop
>     >> guidance for protocol designers on this issue?
> 
>     Nicolas> I think this should be discussed.
> 
>     Nicolas> I think the guidance we want to give is: don't delegate
>     Nicolas> session protection from one layer to another without
>     Nicolas> confirming that the end-points at both layers are the
>     Nicolas> same.
> 
Sam> This approach is out of scope for the SASL working group as it
Sam> cannot be implemented within the current charter.  If you want to
Sam> discuss the approach on the list, that's fine.  However I don't
Sam> think modifying SASL to gain channel bindings is appropriate for
Sam> meeting time at the IETF.

I don't see how the text from me that you quote could possibly be out of
scope for this WG - that text calls for "guidance" - security
considerations text.

The following text from me which you didn't quote does propose two
things, one of which may well be out of scope for the WG - which is fine
by me, as long as guidance is given:

Nico> It would be nice if SASL had a channel bindings facility.  Such a
Nico> facility could be added or applications could be encouraged to
Nico> exchange channel bindings data integrity protected at the SASL
Nico> layer.

I can see that adding a channel bindings facility to SASL may be out of
scope for this WG.

That said, you could argue that the channel bindings I-D itself
provides, or should provide, sufficient guidance for developers of SASL
application protocols.  If so, please review the text in section 3.2 of
draft-ietf-nfsv4-channel-bindings-00.txt.

Thanks,

Nico
--