Re: IETF 53 SASL bar BoF minutes
"RL 'Bob' Morgan" <rlmorgan@washington.edu> Fri, 29 March 2002 18:55 UTC
Date: Fri, 29 Mar 2002 10:56:52 -0800
From: RL 'Bob' Morgan <rlmorgan@washington.edu>
To: Laurence Lundblade <lgl@qualcomm.com>
cc: SASL list <ietf-sasl@imc.org>
Subject: Re: IETF 53 SASL bar BoF minutes
In-Reply-To: <5.1.0.14.2.20020328155118.03496d48@jittlov.qualcomm.com>
Message-ID: <Pine.LNX.4.44.0203291042400.26572-100000@perx.cac.washington.edu>

On Thu, 28 Mar 2002, Laurence Lundblade wrote:

> Seems like you could put 10 or 20 certs in a 16Kb buffer. Are you expecting
> chains longer than that? Seems that would be approaching meaningless in
> terms of any real-world trust.

Depends on how big a cert is. X.509 certs today are pretty minimal, but if you look in draft-ietf-pkix-new-part1-12.txt you'll see a whole pile of extensions that exist presumably so authorities can start using them, and other pkix docs specify yet more extensions. There will presumably be struggle between PKI deployers wanting to jam lotsa stuff into their certs (some of which, like name constraints, are arguably essential to the overall security of the scheme) and small-device folks saying hey these things won't fit. How big a typical cert will be 5 years from now is pretty hard to say, seems to me.

> Also, if the certs are ordered leaf to root and the whole record
> containing is not signed, you can process them with a smaller buffer.
> The only thing about SSL that requires the large buffer is that you have
> to verify the MAC/hash before passing the data along to the next layer.

Umm, I think you're talking about buffer management inside your implementation. The issue at hand is, I think, the size of objects that SASL-profiled application protocols have to be able to handle to support an acceptable set of security mechanisms.

 - RL "Bob"