[TLS] Re: Review of draft-santesson-tls-gssapi-00

[Simon Josefsson <simon@josefsson.org>]

<Pasi.Eronen@nokia.com> writes:

> Eric Rescorla wrote:
>
>> >> 2) The extended roundtrips is an un-escapable consequence.  If
>> >> necessary I believe we can define an upper boundary of the number
>> >> of roundtrips.
>> 
>> Well, any number >2 is a radical change in the TLS state machine.
>
> I agree; however, there are several ways to do the roundtrips,
> and some of them might be slightly less radical than the one
> current proposed in draft-santesson-tls-gssapi-01.
>
> Here's one sketch of how this could work:
>
>    ClientHello
>    (ciphersuite TLS_RSA_GSSAPI_WITH_AES128_CBC_SHA, 
>    gss_api extension with OID list)

I like this approach better, although I don't understand why you need
special GSSAPI ciphersuites, could you explain?  Wouldn't it be
possible to do this with an extension, to enable the extra roundtrips,
without touching the ciphersuites?

>    gss_wrap(channel binding info)) ----->

Using gss_wrap to wrap additional information, such as channel
bindings, has some similarities with the SASL GS2 mechanism.  Note
that it doesn't seem to work with authentication-only GSS-API
mechanisms that doesn't support GSS_Wrap.

In general, I'm in favor of any protocol that permits GSS-API
negotiation inside TLS but outside of the application data exchange.
The details are less important to me, and I think it should be
possible to come up with a good compromise here.

/Simon

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls