RE: [TLS] the use cases for GSS-based TLS and the plea for

"Kemp, David P." <DPKemp@missi.ncsc.mil> Fri, 20 July 2007 18:49 UTC

Subject: RE: [TLS] the use cases for GSS-based TLS and the plea for
Date: Fri, 20 Jul 2007 14:49:25 -0400
Message-ID: <FA998122A677CF4390C1E291BFCF598907D6058D@EXCH.missi.ncsc.mil>
In-Reply-To: <200707201651.l6KGpMMu004777@fs4113.wdf.sap.corp>
References: <24B64CBC-C516-4CE1-B032-ADE2580D2BF5@it.su.se> from"Love Hörnquist Åstrand" at Jul 19,7 09:19:04 pm <200707201651.l6KGpMMu004777@fs4113.wdf.sap.corp>
From: "Kemp, David P." <DPKemp@missi.ncsc.mil>
To: tls@ietf.org

-----Original Message-----
From: Martin Rex [mailto:Martin.Rex@sap.com] 
Sent: Friday, July 20, 2007 12:51 PM

[Many excellent points and much cogent discussion snipped ...]

So part of the defects are regular toothing problems that are
to be expected.  My main criticism about SPKM and SPNEGO was
their heavy use of ASN.1, which has historically been a reliable
way to prevent high numbers of independent implementations and
early adoption, and it probably still is a huge roadblock
in theoretical review (because of a general lack of intimacy
with ASN.1 among implementors).  This may be attributed to
the fee-based distribution model of the ASN.1 specs and
the fact that it has been spread across a huge number of
documents and defect reports plus not fully backwards-compatible
revisioning.

-----End Original Message-----



It seems strange to criticize SPKM and SPNEGO for being ASN.1-based
while not making the same criticism of Kerberos.  To what extent
has the adoption and theoretical review of Kerberos been hampered
by this "huge" roadblock?  And of course, SNMP
(http://www.ibr.cs.tu-bs.de/~schoenw/papers/sane-2002.pdf) has been a
huge failure in the marketplace for the same reasons :-)

I don't disagree that the learning curve for ASN.1 is steeper than
for bits-in-boxes (http://www.ietf.org/rfc/rfc791.txt).  But anyone
who wishes to learn has open source software to look at, as well
as the ability to obtain free copies of ITU specs (no registration
required, no more limit of 3 freebies per year), including X.680
http://www.itu.int/rec/T-REC-X.680-200207-I/en.

Dave
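The exchange above contrasts ASN.1 with "bits-in-boxes" fixed-layout headers. As an added illustration (not part of either message, and not code from any of the projects mentioned), the following compares a parse of the first IPv4 header word (RFC 791, fixed offsets) with a strict DER tag/length parse. The DER side shows the extra rules an implementer has to get right and that a careful decoder rejects: indefinite length, non-minimal length encodings, and lengths that run past the buffer. The sample bytes are constructed for this example.

```python
"""Added example: fixed-layout header parse vs. strict DER tag/length parse.
Not from the mailing-list thread; sample inputs are constructed."""
import struct


def read_ipv4_header_fields(pkt: bytes) -> dict:
    """'Bits-in-boxes' parse of the first IPv4 header word (RFC 791).

    Every field sits at a fixed offset; the only rule beyond the
    layout is a minimum length and a sanity check on version/IHL.
    """
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len = struct.unpack("!BBH", pkt[:4])
    version = ver_ihl >> 4
    ihl_bytes = (ver_ihl & 0x0F) * 4
    if version != 4 or ihl_bytes < 20:
        raise ValueError("bad version or IHL")
    return {"version": version, "ihl": ihl_bytes, "total_length": total_len}


def read_der_tlv(buf: bytes, offset: int = 0):
    """Parse one DER TLV at `offset`; return (tag_bytes, value, next_offset).

    Enforces the DER rules a lenient BER reader would let through:
    definite length only, minimal length encoding, value inside buffer.
    """
    n = len(buf)
    if offset >= n:
        raise ValueError("no tag byte")
    start = offset
    first = buf[offset]
    offset += 1
    # High-tag-number form: tag continues in base-128 bytes until MSB is clear.
    if first & 0x1F == 0x1F:
        while True:
            if offset >= n:
                raise ValueError("truncated tag")
            b = buf[offset]
            offset += 1
            if not (b & 0x80):
                break
    tag = buf[start:offset]

    if offset >= n:
        raise ValueError("no length byte")
    lb = buf[offset]
    offset += 1
    if lb == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    if lb < 0x80:
        length = lb                        # short form: one byte
    else:
        nbytes = lb & 0x7F                 # long form: count of length bytes
        if nbytes > 4:
            raise ValueError("length field too long for this parser")
        if offset + nbytes > n:
            raise ValueError("truncated length")
        lbytes = buf[offset:offset + nbytes]
        offset += nbytes
        if lbytes[0] == 0:
            raise ValueError("non-minimal length: leading zero byte")
        length = int.from_bytes(lbytes, "big")
        if length < 0x80:
            raise ValueError("non-minimal length: long form for a short value")
    if offset + length > n:
        raise ValueError("value runs past end of buffer")
    return tag, buf[offset:offset + length], offset + length


def strict_der_accepts(buf: bytes) -> bool:
    """True if `buf` starts with a well-formed DER TLV under the rules above."""
    try:
        read_der_tlv(buf)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed samples: a 20-byte IPv4 header and SEQUENCE { INTEGER 5 }.
    ipv4 = b"\x45\x00\x00\x14" + b"\x00" * 16
    print(read_ipv4_header_fields(ipv4))
    seq = b"\x30\x03\x02\x01\x05"
    tag, inner, _ = read_der_tlv(seq)
    print(tag.hex(), read_der_tlv(inner))
    # Same OCTET STRING with a non-minimal length: accepted by lax BER, rejected here.
    print(strict_der_accepts(b"\x04\x05abcde"), strict_der_accepts(b"\x04\x81\x05abcde"))
```

The IPv4 reader needs one `struct` format string; the DER reader needs a tag loop, two length forms, and three rejection rules before it has even looked at a value, which is the difference in learning curve the reply is pointing at. The rejection rules matter for security too: two decoders that disagree on whether a non-minimal length is acceptable can parse the same bytes into different structures.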



_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls