[TLS] Authorization extension test server available
Simon Josefsson <simon@josefsson.org> Thu, 22 February 2007 09:28 UTC
Hi all!

GnuTLS now supports the TLS authorization extension, and I'm wondering if anyone is interested in interop testing of this feature? Our public test server supports RFC 4680 and draft-housley-tls-authz-extns-07 in case someone wants to point their clients towards a server:

http://www.gnu.org/software/gnutls/server.html

It may be too late to change the specifications, but my comments after implementing this were:

- The size of authorization data, i.e., X.509 attribute certs and SAML assertions, is limited to 64kb. Is it certain that we won't need more?

- There is no discussion on authorization failures. Should the handshake be aborted? This is complicated by the fact that the authorization data is sent _before_ authentication data. Typically you wait until authentication is complete before processing authorization data.

/Simon
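
The two implementation comments in the message above, as an added example that is not part of the original post and is not GnuTLS code: a sender-side check that a blob fits a 16-bit length, and a receiver that stores early authorization data and evaluates it only after authentication. The names (`authz_state`, `authz_frame`, `authz_store`, `authz_evaluate`, `demo_policy`) and the single 2-byte-length framing are assumptions for illustration, not the wire format of either specification; what the caller does on `AUTHZ_DENIED` is left open, as it is in the message.

```c
#include <stdint.h>
#include <string.h>

#define AUTHZ_MAX 0xFFFFu /* most a 16-bit length field can describe */
enum authz_rc { AUTHZ_OK, AUTHZ_BAD_LENGTH, AUTHZ_NOT_AUTHENTICATED, AUTHZ_DENIED };

struct authz_state {            /* hypothetical per-session state */
    uint8_t buf[AUTHZ_MAX];     /* held unparsed until authentication ends */
    size_t  len;
    int     peer_authenticated; /* set by the caller after the peer is verified */
};

/* Constructed sample policy: accept data whose first byte is 'A'. */
int demo_policy(const uint8_t *d, size_t n) { return n > 0 && d[0] == 'A'; }

/* Sender: frame one blob as a 2-byte big-endian length plus body. */
enum authz_rc authz_frame(const uint8_t *data, size_t len,
                          uint8_t *out, size_t cap, size_t *out_len)
{
    if (len == 0 || len > AUTHZ_MAX || cap < len + 2)
        return AUTHZ_BAD_LENGTH; /* cannot be expressed in the length field */
    out[0] = (uint8_t)(len >> 8);
    out[1] = (uint8_t)(len & 0xFF);
    memcpy(out + 2, data, len);
    *out_len = len + 2;
    return AUTHZ_OK;
}

/* Receiver, early in the handshake: bounds-check and store, nothing more. */
enum authz_rc authz_store(struct authz_state *s, const uint8_t *wire, size_t n)
{
    if (n < 2) return AUTHZ_BAD_LENGTH;
    size_t len = ((size_t)wire[0] << 8) | wire[1];
    if (len == 0 || len != n - 2) return AUTHZ_BAD_LENGTH;
    memcpy(s->buf, wire + 2, len);
    s->len = len;
    return AUTHZ_OK;
}

/* Receiver, after authentication has finished: only now apply the policy. */
enum authz_rc authz_evaluate(struct authz_state *s,
                             int (*policy)(const uint8_t *, size_t))
{
    if (!s->peer_authenticated) {   /* drop data from an unverified peer */
        memset(s->buf, 0, sizeof s->buf);
        s->len = 0;
        return AUTHZ_NOT_AUTHENTICATED;
    }
    return policy(s->buf, s->len) ? AUTHZ_OK : AUTHZ_DENIED;
}
```
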