Please review: http gss authentication mech

[Leif Johansson <leifj at it.su.se>]

At the informal bar-bof yesterday in San Diego it was decided that I should
send my drafts describing a new http gss authentication mechanism to
this list.

Note that these drafts are not intended for inclusion in the kitten
charter at
this or any future time. They are only presented to this list for review
by gss
experts.

By way of background this draft (and the related draft describing channel
bindings for http+tls) describes a successor (but not update) to  the 
negotiate
http auth mech which hopes to solve some of the drawbacks of this
mechanism.
The orginal motivation for this work was requirements from the calcify
wg who
expressed the need for a better authentication mechanism (than plain
passwords)
for applications using http as a transport but not using a browser as a
client.

Please note that this is a 00 version and new versions with
modifications based
on discussions from yesterday are forthcoming.

http://www.ietf.org/internet-drafts/draft-johansson-http-gss-00.txt
http://www.ietf.org/internet-drafts/draft-johansson-http-tls-cb-00.txt

       Cheers Leif

_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten