Re: [SPKM] Re: FW: I-D ACTION:draft-zhu-pku2u-01.txt

Nicolas Williams <Nicolas.Williams@sun.com> Wed, 18 April 2007 20:54 UTC

Date: Wed, 18 Apr 2007 15:53:55 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Martin Rex <Martin.Rex@sap.com>
Subject: Re: [SPKM] Re: FW: I-D ACTION:draft-zhu-pku2u-01.txt
Message-ID: <20070418205355.GS4375@Sun.COM>
Mail-Followup-To: Martin Rex <Martin.Rex@sap.com>, Liqiang <lzhu@windows.microsoft.com>, aglo@citi.umich.edu, spkm@ietf.org, kitten@lists.ietf.org
References: <CAAAEFE273EAD341A4B02AAA9CA6F7330560FD3D@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com> <200704182046.l3IKkfsK024424@fs4113.wdf.sap.corp>
In-Reply-To: <200704182046.l3IKkfsK024424@fs4113.wdf.sap.corp>
Cc: aglo@citi.umich.edu, spkm@ietf.org, kitten@lists.ietf.org

On Wed, Apr 18, 2007 at 10:46:41PM +0200, Martin Rex wrote:
> Liqiang wrote:
> > 
> > Olga Kornievskaia wrote:
> > > First, I hope that the 1st sentence refers to "tokens" not just the 
> > > 1st (AS_REQ) token. As it's written, it says that the AS_REQ token is framed 
> > > but the AS_REP token is not, which doesn't make sense.
> > 
> > Your understanding is correct. Only the first message has the framing.
> > This is consistent with RFC4121 and RFC4178.
> 
> NOPE, it is significantly different from rfc1964 and rfc4121.

Regardless, RFC2743 only requires it on the initial context token.

We should probably consider whether we want to RECOMMEND, or even
REQUIRE that that header be added to all security context establishment
tokens, not just the initial one.

But until somebody tables that matter we should not consider
RFC1964/4121 as imposing such a requirement on other mechanisms that use
different mechanism OIDs.

That said, there's this interesting question: PKU2U re-uses RFC4121 for
everything following PKU2U's first two security context tokens (which
are KDC messages between the initiator and the acceptor acting as a
pseudo-KDC), so, should those context tokens lifted from RFC4121 bear
this header?

I could go either way.

Nico
-- 

_______________________________________________
SPKM mailing list
SPKM@ietf.org
https://www1.ietf.org/mailman/listinfo/spkm
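The header the thread is arguing about is the mechanism-independent token framing of RFC 2743 section 3.1: an InitialContextToken wrapper consisting of the tag byte 0x60 ([APPLICATION 0] constructed), a DER length, the DER-encoded mechanism OID, and then the mechanism's own inner token. RFC 2743 requires it only on the first context token, so a GSS dispatcher has to cope with later tokens that may or may not carry it. The following Python is an added example written for this archive page; it is not code posted by anyone on the thread and not taken from any GSS implementation. The OID values are the well-known Kerberos V5 (1.2.840.113554.1.2.2) and SPNEGO (1.3.6.1.5.5.2) mechanism OIDs; the inner token bytes are constructed for the demonstration and are not real Kerberos messages.

```python
"""RFC 2743 section 3.1 InitialContextToken framing: encoder and strict parser.

Wire layout of a framed token:
    0x60 | DER length | 0x06 | DER length | OID subidentifiers | inner token
Tokens that omit the header start directly with the mechanism's own bytes.
"""

KRB5_MECH = "1.2.840.113554.1.2.2"   # well-known Kerberos V5 mechanism OID
SPNEGO_MECH = "1.3.6.1.5.5.2"        # well-known SPNEGO pseudo-mechanism OID


def _der_length(n: int) -> bytes:
    """DER definite-form length: one byte below 0x80, else 0x8N plus N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _read_length(buf: bytes, pos: int) -> tuple:
    """Parse a DER length at buf[pos]; return (length, position after it)."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4 or pos + 1 + nbytes > len(buf):
        raise ValueError("bad long-form length")
    return int.from_bytes(buf[pos + 1:pos + 1 + nbytes], "big"), pos + 1 + nbytes


def encode_oid(dotted: str) -> bytes:
    """DER-encode a dotted OID (tag 0x06, length, base-128 subidentifiers)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])   # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                     # low 7 bits last, no continuation bit
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))    # higher groups carry the 0x80 bit
            arc >>= 7
        body.extend(reversed(chunk))
    return b"\x06" + _der_length(len(body)) + bytes(body)


def decode_oid(buf: bytes, pos: int) -> tuple:
    """Decode a DER OID at buf[pos]; return (dotted string, position after it)."""
    if pos >= len(buf) or buf[pos] != 0x06:
        raise ValueError("expected OID tag")
    length, pos = _read_length(buf, pos + 1)
    end = pos + length
    if length == 0 or end > len(buf):
        raise ValueError("truncated OID")
    if buf[end - 1] & 0x80:
        raise ValueError("unterminated OID subidentifier")
    arcs = [buf[pos] // 40, buf[pos] % 40]
    value = 0
    for b in buf[pos + 1:end]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                         # last group of this subidentifier
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs)), end


def frame_token(mech_oid: str, inner: bytes) -> bytes:
    """Wrap a mechanism token in the RFC 2743 section 3.1 header."""
    body = encode_oid(mech_oid) + inner
    return b"\x60" + _der_length(len(body)) + body


def parse_token(token: bytes) -> tuple:
    """Return (mech_oid, inner) for a framed token, or (None, token) for a bare one.

    A framed token must account for exactly its own length: a header whose
    length field disagrees with the buffer is rejected rather than guessed at,
    so a dispatcher cannot be steered into misreading where the inner token starts.
    """
    if not token or token[0] != 0x60:
        return None, token                       # no header: mechanism-specific token
    length, pos = _read_length(token, 1)
    if pos + length != len(token):
        raise ValueError("framing length does not match token size")
    mech, pos = decode_oid(token, pos)
    return mech, token[pos:]


if __name__ == "__main__":
    # Constructed inner bytes standing in for a first (framed) and a later (bare) token.
    first = frame_token(KRB5_MECH, b"\x01\x00" + b"constructed-AP-REQ")
    print(first.hex(), parse_token(first))
    print(parse_token(b"\x02\x00" + b"constructed-AP-REP"))
```

Running the module shows the two cases the thread contrasts: the first token parses to its mechanism OID plus inner bytes, while a bare token comes back with no OID and must be routed by the already-established context rather than by its header. The strict length check in parse_token is the part worth keeping in a real dispatcher.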