Re: [TLS] Negotiation in draft-santesson-tls-gssapi

Nicolas Williams <Nicolas.Williams@sun.com> Wed, 18 July 2007 23:10 UTC

Date: Wed, 18 Jul 2007 18:09:59 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: tls@ietf.org
Subject: Re: [TLS] Negotiation in draft-santesson-tls-gssapi
Message-ID: <20070718230958.GS24645@Sun.COM>
References: <20070718225633.GR24645@Sun.COM>
In-Reply-To: <20070718225633.GR24645@Sun.COM>

I just noticed Martin's objection that mechanism negotiation must be
done at the TLS level to avoid a failure mode where GSS is selected but
no common mechanism is found, yet non-GSS/PSK TLS would have worked.

The current version of the I-D allows TLS to continue to make progress
if the GSS security context establishment fails.  This is good, but if
negotiation could be done at the TLS level then we can optimize
round-trips in this corner case.  I'm not sure if we care.

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
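The round-trip argument in the message above can be made concrete with a small model of the two places mechanism negotiation could live. The code below is an added illustration, not code from draft-santesson-tls-gssapi or from the list participants; the message shapes, the per-exchange round-trip accounting, and the placeholder OID for a client-only mechanism are all assumptions made here for the example. The Kerberos V5 and SPNEGO OIDs are the real registered values.

```python
"""Toy model of where GSS-API mechanism negotiation sits relative to TLS.

Added example (not from the I-D): compares doing mechanism selection inside
the GSS context establishment that follows a "GSS" choice in the TLS
handshake, versus advertising the mechanism list in the ClientHello so the
server can fall back to PSK before any GSS tokens are exchanged. Round-trip
counts are a simplifying assumption: one for the Hello exchange, one for a
GSS token exchange, one for completing the handshake with PSK afterwards.
"""

from dataclasses import dataclass, field

# Real registered GSS-API mechanism OIDs.
KRB5 = "1.2.840.113554.1.2.2"
SPNEGO = "1.3.6.1.5.5.2"
# Constructed placeholder for "a mechanism only the client supports";
# not a registered mechanism OID.
CLIENT_ONLY = "1.3.6.1.4.1.99999.1"


@dataclass
class Outcome:
    method: str                       # "gss", "psk", or "fail"
    round_trips: int
    log: list = field(default_factory=list)


def _common(client_mechs, server_mechs):
    """First mechanism both sides support, in the client's preference order."""
    return next((m for m in client_mechs if m in server_mechs), None)


def negotiate_in_gss(client_mechs, server_mechs, psk_available=True):
    """Negotiation inside GSS: TLS only signals 'GSS'; the mechanism is
    chosen during the GSS token exchange. If that fails, TLS may still
    continue with PSK, but only after the failed exchange has cost a trip."""
    out = Outcome("fail", 1, ["ClientHello (gss) -> ServerHello: gss selected"])
    mech = _common(client_mechs, server_mechs)
    out.round_trips += 1                      # GSS token exchange
    if mech is not None:
        out.log.append(f"GSS context established with {mech}")
        out.method = "gss"
        return out
    out.log.append("GSS context establishment failed: no common mechanism")
    if psk_available:
        out.round_trips += 1                  # finish handshake with PSK
        out.log.append("TLS continues with PSK")
        out.method = "psk"
    else:
        out.log.append("handshake failure")
    return out


def negotiate_in_tls(client_mechs, server_mechs, psk_available=True):
    """Negotiation at the TLS level: the client lists its mechanisms in the
    ClientHello, so the server sees up front whether any mechanism is common
    and otherwise picks PSK in the same ServerHello."""
    out = Outcome("fail", 1, [])
    mech = _common(client_mechs, server_mechs)
    if mech is not None:
        out.log.append(f"ServerHello: gss selected, mechanism {mech}")
        out.round_trips += 1                  # GSS token exchange
        out.method = "gss"
    elif psk_available:
        out.log.append("ServerHello: no common mechanism, PSK selected")
        out.method = "psk"
    else:
        out.log.append("handshake failure")
    return out


def compare(client_mechs, server_mechs, psk_available=True):
    """Run both models on the same inputs and return (in_gss, in_tls)."""
    return (negotiate_in_gss(client_mechs, server_mechs, psk_available),
            negotiate_in_tls(client_mechs, server_mechs, psk_available))


if __name__ == "__main__":
    for label, c, s in (("common mechanism", [KRB5, CLIENT_ONLY], [KRB5, SPNEGO]),
                        ("no common mechanism", [CLIENT_ONLY], [KRB5, SPNEGO])):
        in_gss, in_tls = compare(c, s)
        print(f"{label}: in-GSS {in_gss.method} after {in_gss.round_trips} RT, "
              f"in-TLS {in_tls.method} after {in_tls.round_trips} RT")
```

In the corner case the message describes (GSS chosen, no common mechanism, PSK would have worked) the in-GSS model reaches PSK only after the failed GSS exchange, while the in-TLS model reaches it in the first Hello exchange; when a common mechanism exists the two models cost the same, which is why the post frames this as an optimization of a corner case rather than a correctness issue.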