Re: [TLS] Re: the use cases for GSS-based TLS and the plea for integrating

Leif Johansson <leifj@it.su.se> Thu, 26 July 2007 16:10 UTC

Message-ID: <46A8C770.9030108@it.su.se>
Date: Thu, 26 Jul 2007 18:10:24 +0200
From: Leif Johansson <leifj@it.su.se>
User-Agent: Thunderbird 1.5.0.12 (X11/20070604)
MIME-Version: 1.0
To: Simon Josefsson <simon@josefsson.org>
Subject: Re: [TLS] Re: the use cases for GSS-based TLS and the plea for integrating
References: <200707171840.l6HIeg9M018099@fs4113.wdf.sap.corp> <48A6320349FD1EDBE937A357@dhcp-26f9.ietf69.org> <873azbgob1.fsf@mocca.josefsson.org>
In-Reply-To: <873azbgob1.fsf@mocca.josefsson.org>
Cc: Chris Newman <Chris.Newman@Sun.COM>, tls@ietf.org

Simon Josefsson wrote:
> Chris Newman <Chris.Newman@Sun.COM> writes:
>
>   
>> sufficient that it might deploy.  Specifically, is this likely to be
>> implemented in multiple TLS stacks?  Are applications that consume TLS
>>     
>
> I believe GSS-API support in TLS, either directly, or through some
> generic external-authentication-protocol (which may use channel bindings
> to bind the external authentication to the TLS stream) is a good idea.
> We all know RFC 2712 is broken. GSSAPI-in-TLS seems like a simple way
> to fix both RFC 2712 and enable other useful things.
>
>   

I fully agree with this.

    Cheers Leif
