RE: Please review: http gss authentication mech
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Please review: http gss authentication mech
Leif,
Regarding :
> I am under the impression that the proposed SASL mechanism doesn't
support channel
> bindings, partially because channel bindings have been a notoriously
difficult problem to get
> right in SASL space. Personally I din't see the value of adding the
extra layer of glue.
My understanding is that, if SASL is using GSS/Kerberos to protect HTTP
communications, then GSS channel bindings can be used, so SASL does not
need to have direct support for channel bindings. This is an advantage
of using a multi-layered architecture.
Cheers,
Tim
_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
