[SPKM] DTLS and GSS-API
Sam Hartman <hartmans-ietf@mit.edu> Tue, 31 October 2006 17:08 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gex6P-0001Uh-E5; Tue, 31 Oct 2006 12:08:41 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gex6M-0001UR-PW; Tue, 31 Oct 2006 12:08:39 -0500
Received: from carter-zimmerman.dyn.mit.edu ([18.188.3.148] helo=carter-zimmerman.mit.edu) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gex6I-0007sr-HG; Tue, 31 Oct 2006 12:08:38 -0500
Received: by carter-zimmerman.mit.edu (Postfix, from userid 8042) id C2C43E0035; Tue, 31 Oct 2006 12:08:25 -0500 (EST)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: tls@ietf.org, spkm@ietf.org
Date: Tue, 31 Oct 2006 12:08:25 -0500
Message-ID: <tsliri0tnue.fsf@cz.mit.edu>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4adaf050708fb13be3316a9eee889caa
Cc:
Subject: [SPKM] DTLS and GSS-API
X-BeenThere: spkm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Low Infrastructure Public Key GSS mechanism <spkm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/spkm>, <mailto:spkm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/spkm>
List-Post: <mailto:spkm@ietf.org>
List-Help: <mailto:spkm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/spkm>, <mailto:spkm-request@ietf.org?subject=subscribe>
Errors-To: spkm-bounces@ietf.org
Monday morning at IETF 67 there is a really important BOF: SPKM. The purpose of this BOF is to decide how we will get a standards track solution for NFSV4 to use PKI credentials. Two modes are important: a mode where both parties have credentials and a mode where the server has a certificate and the client has a password. The current proposal is based off draft-adamson-rfc2847-01.txt. Several reviewers including Eric Rescorla and myself have expressed concerns about this draft. An alternate proposal for solving this problem was discussed in the past: construct a GSS-API mechanism based on DTLS. Advantages of this solution include reuse of code and specification between GSS-API and TLS implementations. When new ciphers are specified for TLS they would be available for NFS. We would not need to keep updating a GSS mechanism as public-key algorithms evolve and problems are found. There are two main drawbacks I've heard to the DTLS proposal. First, we don't have a draft. Second, it would not be interoperable with SPKM-3 deployments. I hope the BOF will answer the question of how much we care about SPKM-3 deployments. I only want to see one standards track solution in this space. Currently, there does not seem to be enough interest in the DTLS proposal for it to be a viable alternative. I would like to encourage the TLS community to take a look at draft-adamson-rfc2847-01 and to consider how a DTLS approach would work and think about whether advocating for such an approach would be a good idea. If so, someone at least needs to be prepared to give a brief presentation by next Monday on such a proposal. The BOF chair wanted to hear about anyone giving an alternative presentation by Wednesday of this week. I'm hoping he will be a bit flexible as I was supposed to write this message last Friday. Thanks for your consideration, --Sam _______________________________________________ SPKM mailing list SPKM@ietf.org https://www1.ietf.org/mailman/listinfo/spkm
- [SPKM] DTLS and GSS-API Sam Hartman
- Re: [SPKM] DTLS and GSS-API Jeffrey Hutzelman
- Re: [SPKM] DTLS and GSS-API Nicolas Williams
- [SPKM] RE: [TLS] DTLS and GSS-API Liqiang(Larry) Zhu
- Re: [SPKM] RE: [TLS] DTLS and GSS-API Nicolas Williams
- [SPKM] Re: [TLS] DTLS and GSS-API Martin Rex
- Re: [SPKM] Re: [TLS] DTLS and GSS-API Sam Hartman
- Re: [SPKM] Re: [TLS] DTLS and GSS-API Nicolas Williams