Re: Please review: http gss authentication mech

To: Michael B Allen <mba2000 at ioplex.com>
Subject: Re: Please review: http gss authentication mech
From: Leif Johansson <leifj at it.su.se>
Date: Thu, 09 Nov 2006 22:20:25 +0100
Cc: kitten at ietf.org, lisa at osafoundation.org
In-reply-to: <20061109152142.479582b0.mba2000@ioplex.com>
List-archive: <http://www1.ietf.org/pipermail/kitten>
List-help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-post: <mailto:kitten@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
References: <45538042.5020301@it.su.se> <20061109152142.479582b0.mba2000@ioplex.com>
User-agent: Thunderbird 1.5.0.8 (Windows/20061025)

Michael B Allen wrote:
> I don't speak for kitten and I'm not familiar with the TLS channel binding
> thing but the only flaw in the Negotiate method that really that really
> jumps out is the conflict between stateful GSSAPI and stateless HTTP. How
> does your method address this issue?
>
>   
If I understand your question correctly the gss draft aims to solve this
problem by having the
server send state back to the client (state which is also used to do
fast reauth) with the challenge.
There are several ways to implement this, including short-cuts if you
use kerberos and proposed
extensions to allow exporting unfinished contexts from gssapi.

    Cheers Leif

_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten

References:
- Please review: http gss authentication mech
  - From: Leif Johansson
- Re: Please review: http gss authentication mech
  - From: Michael B Allen

Prev by Date: Re: Please review: http gss authentication mech
Next by Date: Re: comments on java bindings update, draft-ietf-kitten-rfc2853bis-02
Previous by thread: Re: Please review: http gss authentication mech
Next by thread: RE: Please review: http gss authentication mech
Index(es):
- Date
- Thread

Re: Please review: http gss authentication mech

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.