Re: Please consider forward motion on PRF and mechanism attributes

On Mon, Apr 11, 2005 at 05:51:14PM -0500, Nicolas Williams wrote:
> On Mon, Apr 11, 2005 at 06:21:24PM -0400, Sam Hartman wrote:
> > 
> > 
> > Hi.  I'd like to ask the working group to consider trying to move
> > forward the PRF drafts rapidly.  In addition, while I don't think we
> > are close to being in a position to know what mechanism attributes we
> > want, I'd love to have consensus on the APIs for accessing mechanism
> > attributes.
> > 
> > Having forward progress on these items may end up helping a proposal
> > Joe Salowey is working on.
> 
> As far as I'm concerned the I-Ds are ready for WG LC.
> 
> That said, we may want to remove the restriction that the krb5 GSS_Prf()
> cannot be ready prior to full context establishment.  Applications that
> use GSS_Prf() can certainly ensure that they call it in synchronized
> fashion before OR after full context establishment.  I mention this ONLY
> as a result of your other post today about negotiation and composite
> mechanisms -- having GSS_Prf() prior to full context establishment could
> help construct stackable pseudo-mechanisms that protect against
> manipulation of its context tokens into those of underlying mechanisms'.

Er, disregard that suggestion -- there's never a partially established
security context for the Kerberos V GSS mechanism on the acceptor side...

_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.