[SECMECH] Approach to GUAM work

"Salowey, Joe" <jsalowey@cisco.com> Tue, 23 August 2005 00:11 UTC

Date: Mon, 22 Aug 2005 17:15:40 -0700
Message-ID: <7210B31550AC934A8637D6619739CE6905C06A59@e2k-sea-xch2.sea-alpha.cisco.com>
From: "Salowey, Joe" <jsalowey@cisco.com>
To: <secmech@ietf.org>
Subject: [SECMECH] Approach to GUAM work

We have had some discussion of two different approaches on the list
(framework bindings and bridge methods).  I think discussion is leaning
towards framework bindings as a good basic approach, realizing this
could be augmented by bridge mechanisms and other tools for achieving

Here is a proposal for moving forward with this:

1. Document the requirements for creating mechanisms that can be bound
to any (GSS-API, SASL, EAP) framework
2. Identify tools such as mechanism bridges that can help facilitate
the binding.  This could include a GSS-API EAP mechanism, pointers to
existing security layers that could be used (ESP, GSS-KRB,...),
automatic numbering and naming conventions, perhaps a GSS-API to AAA/EAP
bridge, tunneling...
3. Document any new tools (some may already exist) and document a
template for specifying a GUAM mechanism.  The template document would
provide the pointers to tools. 

Is this a reasonable approach?  
Who is willing to author/contribute to 1, 2 and 3?  
Who is willing to review documents from 1 and 3 (I'm not sure that 1
will be published as an RFC, but the requirements definitely need to be


