Re: [SPKM] Interoperability
Martin Rex <martin.rex@sap.com> Fri, 03 November 2006 19:36 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gg4qD-0000Q8-SM; Fri, 03 Nov 2006 14:36:37 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gg4qD-0000NN-4E for spkm@ietf.org; Fri, 03 Nov 2006 14:36:37 -0500
Received: from smtpde02.sap-ag.de ([155.56.68.170]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gg4q9-0005ki-N4 for spkm@ietf.org; Fri, 03 Nov 2006 14:36:37 -0500
Received: from sap-ag.de (smtpde02) by smtpde02.sap-ag.de (out) with ESMTP id UAA21089; Fri, 3 Nov 2006 20:36:20 +0100 (MEZ)
From: Martin Rex <martin.rex@sap.com>
Message-Id: <200611031936.UAA16703@uw1048.wdf.sap.corp>
Subject: Re: [SPKM] Interoperability
To: Nicolas.Williams@sun.com
Date: Fri, 03 Nov 2006 20:36:19 +0100
In-Reply-To: <20061031211246.GT28107@binky.Central.Sun.COM> from "Nicolas Williams" at Oct 31, 6 03:12:46 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
X-SAP: out
X-SAP: out
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a7d6aff76b15f3f56fcb94490e1052e4
Cc: hartmans-ietf@mit.edu, spkm@ietf.org
X-BeenThere: spkm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: martin.rex@sap.com
List-Id: Low Infrastructure Public Key GSS mechanism <spkm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/spkm>, <mailto:spkm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/spkm>
List-Post: <mailto:spkm@ietf.org>
List-Help: <mailto:spkm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/spkm>, <mailto:spkm-request@ietf.org?subject=subscribe>
Errors-To: spkm-bounces@ietf.org
Nicolas Williams wrote: > > On Tue, Oct 31, 2006 at 02:23:50PM -0500, Sam Hartman wrote: > > * When will we get a spec out? How long will the market wait? > > Sometimes, you have to accept that the market will deploy something > > and you have little influence on it. In those cases it's better to > > write a compelling spec and hope that people will migrate. Other > > times, if you can stretch to meet market timing, you can avoid the > > market deploying something that does not meet your spec. That is > > very desirable. > > If we cannot get a spec that will meet our needs in time for the market > then the proposed protocol could go to Informational and a spec that > does meet our needs can later go to Proposed-Standard, using a different > OID. There is a problem in the traditional (simple) GSS-API and how it is embedded within several application protocols, that there is no negotiation of a mechanism (OID). In real distributed environments, where a component is both, server and client, a switch to a new OID might require a "flag day". Depending on the implementation (and we know that SPKM is underspecified in this area), an updated enhanced GSS-API mechanism might use the new OID also in the generic framing of the exported binary canonical name, and as a result might not reuse any of the existing ACLs based on binary canonical names... The use of the mechanism OID in the generic framing of exported binary canonical names was (primarily) meant to prevent accidental collisions of two names from distinct namespaces referring to distinct entities, not to ultimately require distinct exported names based on the employed authentication mechanism (although I admit that some saw this as a potential feature, being able to distinguish mechanisms of different strength in the ACL). Personally, I see a real benefit if mechanisms sharing a common namespace can share ACLs, be that ACLs with printable or binary canonical names. -Martin _______________________________________________ SPKM mailing list SPKM@ietf.org https://www1.ietf.org/mailman/listinfo/spkm
- [SPKM] Interoperability Sam Hartman
- Re: [SPKM] Interoperability Nicolas Williams
- Re: [SPKM] Interoperability Nicolas Williams
- Re: [SPKM] Interoperability Sam Hartman
- Re: [SPKM] Interoperability Nicolas Williams
- Re: [SPKM] Interoperability Martin Rex
- Re: [SPKM] Interoperability Sam Hartman