Re: [TLS] the use cases for GSS-based TLS and the plea for integrating

Jeffrey Altman <jaltman@secure-endpoints.com> Thu, 26 July 2007 21:53 UTC

Message-ID: <46A91838.5050705@secure-endpoints.com>
Date: Thu, 26 Jul 2007 17:55:04 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Organization: Secure Endpoints Inc.
To: Chris.Newman@Sun.COM

Chris Newman wrote:
> I will certainly do that.  However, I recommend you talk to
> application developers who consume TLS and GSSAPI/SSPI/SASL/EAP APIs
> to see how they feel about these issues.
>
Chris:

If I am reading you correctly, you would like to see proposals, for
example, describing how the Windows SSPI and OpenSSL among other TLS
implementations would need to be modified to support the described
functionality.  I think that this is a very important consideration and
I would be happy to propose changes for OpenSSL as I was involved in
adding the support for TLS KRB5 to OpenSSL many years ago.

Jeffrey Altman
