Re: Please review: http gss authentication mech

To: Tim Alsop <Tim.Alsop at CyberSafe.Com>
Subject: Re: Please review: http gss authentication mech
From: Leif Johansson <leifj at it.su.se>
Date: Fri, 10 Nov 2006 00:09:18 +0100
Cc: Kitten <kitten at ietf.org>, Lisa Dusseault <lisa at osafoundation.org>
In-reply-to: <0D8F2EFD3A10E24DAEEA48EA6DA07D3029953B@postman-pat.csafe.local>
List-archive: <http://www1.ietf.org/pipermail/kitten>
List-help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-post: <mailto:kitten@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
References: <0D8F2EFD3A10E24DAEEA48EA6DA07D3029953B@postman-pat.csafe.local>
User-agent: Thunderbird 1.5.0.8 (Windows/20061025)

Tim Alsop wrote:
> Leif,
>
> Have you considered using SASL over HTTP with GSS-API, as described in :
>
> http://tools.ietf.org/wg/sasl/draft-nystrom-http-sasl-12.txt 
>
> I was under the impression that the above draft was the preferred method
> to improve on the HTTP negotiate approach.
>
>
>   
I am under the impression that the proposed SASL mechanism doesn't
support channel
bindings, partially because channel bindings have been a notoriously
difficult problem to get
right in SASL space. Personally I din't see the value of adding the
extra layer of glue.

    Cheers Leif


_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten

Follow-Ups:
- RE: Please review: http gss authentication mech
  - From: Tim Alsop
- Re: Please review: http gss authentication mech
  - From: RL 'Bob' Morgan

References:
- RE: Please review: http gss authentication mech
  - From: Tim Alsop

Prev by Date: Re: comments on java bindings update, draft-ietf-kitten-rfc2853bis-02
Next by Date: Re: Please review: http gss authentication mech
Previous by thread: RE: Please review: http gss authentication mech
Next by thread: Re: Please review: http gss authentication mech
Index(es):
- Date
- Thread

Re: Please review: http gss authentication mech

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.