IETF Logo Mail Archive

Re: [TLS] the use cases for GSS-based TLS and the plea for

Nicolas Williams <Nicolas.Williams@sun.com> Fri, 20 July 2007 17:50 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IBwcz-0000u0-8j; Fri, 20 Jul 2007 13:50:57 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IBwcy-0000tv-KQ for tls@ietf.org; Fri, 20 Jul 2007 13:50:56 -0400
Received: from brmea-mail-2.sun.com ([192.18.98.43]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IBwcy-0008JP-8t for tls@ietf.org; Fri, 20 Jul 2007 13:50:56 -0400
Received: from centralmail4brm.central.Sun.COM ([129.147.62.198]) by brmea-mail-2.sun.com (8.13.6+Sun/8.12.9) with ESMTP id l6KHotAh011420 for <tls@ietf.org>; Fri, 20 Jul 2007 17:50:55 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by centralmail4brm.central.Sun.COM (8.13.6+Sun/8.13.6/ENSMAIL, v2.2) with ESMTP id l6KHotiY009472 for <tls@ietf.org>; Fri, 20 Jul 2007 11:50:55 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1) with ESMTP id l6KHotYg026806; Fri, 20 Jul 2007 12:50:55 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1/Submit) id l6KHosjT026805; Fri, 20 Jul 2007 12:50:54 -0500 (CDT)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Fri, 20 Jul 2007 12:50:53 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Martin Rex <Martin.Rex@sap.com>
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for
Message-ID: <20070720175053.GL26603@Sun.COM>
References: <20070720171837.GI26603@Sun.COM> <200707201740.l6KHeYgH008101@fs4113.wdf.sap.corp>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <200707201740.l6KHeYgH008101@fs4113.wdf.sap.corp>
User-Agent: Mutt/1.5.7i
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cf4fa59384e76e63313391b70cd0dd25
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

On Fri, Jul 20, 2007 at 07:40:34PM +0200, Martin Rex wrote:
> What I meant (and forgot to add) was "certificate-based credential
> (self-signed when no PKI is used) as a mandatory to implement
> feature for interoperability".
> 
> If support of cert-based credentials is a mere MAY, then I am sure
> there will be servers/services where installing or using a PKI
> credential is impossible/defective/unusable, and you cannot complain
> to the vendor because not-supporting it is fully compliant with the spec.

I don't think this spec aims to change TLS 1.1 to make any current
cipher suites that are REQUIRED to implement no longer REQUIRED to
implement.  Nor would I support that, for interop reasons, of course.

Nico
-- 

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.29.0 | Report a Bug | By Email | System Status