Re: [secdir] SecDir review of draft-ietf-krb-wg-gss-cb-hash-agility-08

Nico Williams <nico@cryptonector.com> Mon, 28 November 2011 21:00 UTC

In-Reply-To: <AE31510960917D478171C79369B660FA0E18FA05F7@MX06A.corp.emc.com>
References: <AE31510960917D478171C79369B660FA0E18FA05F7@MX06A.corp.emc.com>
Date: Mon, 28 Nov 2011 14:13:44 -0600
Message-ID: <CAK3OfOhQs96fJdfMPem9P5VWuCH+A+N8fFOtQ2i+jfxdH6CgKw@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: kathleen.moriarty@emc.com
Cc: draft-ietf-krb-wg-gss-cb-hash-agility.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org

On Mon, Nov 28, 2011 at 1:53 PM,  <kathleen.moriarty@emc.com> wrote:
> I think the document is ready.  The only suggestion would be to consider expanding out the security consideration section to list any risks with using or not using channel bindings.  Right now, it states it is up to the application's policy, which is fine, but may leave developers with questions.

This document is not really of interest to GSS-API application
protocol developers -- they should be using RFCs 2743 and 5554.  This
doc is intended primarily for Kerberos GSS mechanism implementors.

That said, informative references to RFC 5056 and 5554 wouldn't hurt,
and in any case I'm not opposed to the proposed change.

Nico
--