Re: domain-based service names redux

To: Martin Rex <Martin.Rex at sap.com>
Subject: Re: domain-based service names redux
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Fri, 15 Jun 2007 14:46:13 -0500
Cc: kitten at ietf.org, jhildebrand at jabber.com, linuxwolf at outer-planes.net, sasl at ietf.org
In-reply-to: <200706122103.l5CL3B2W029985@fs4113.wdf.sap.corp>
List-archive: <http://www1.ietf.org/pipermail/kitten>
List-help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-post: <mailto:kitten@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
Mail-followup-to: Martin Rex <Martin.Rex at sap.com>, Peter Saint-Andre <stpeter at jabber.org>, kitten at ietf.org, jhildebrand at jabber.com, linuxwolf at outer-planes.net, sasl at ietf.org
References: <466DCFBA.9020001@jabber.org> <200706122103.l5CL3B2W029985@fs4113.wdf.sap.corp>
User-agent: Mutt/1.5.7i

On Tue, Jun 12, 2007 at 11:03:11PM +0200, Martin Rex wrote:
> I never liked hostbased service names ;-)

Well, we undoubtably need principal names for hosts.  The service part
seems... less necessary.

That said, the service name component does simplify privilege separation
of different applications running on the same host because each can
manage its own keys without impacting the others.  Without service names
one has to ensure that there is a local facility for handling keys that
does not expose them to the apps, at least where said keys can be used
by one app against the other (typically that would be symmetric keys in
a protocol like Kerberos V).

Nico
-- 


_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten

Follow-Ups:
- Re: domain-based service names redux
  - From: Martin Rex
- Re: domain-based service names redux
  - From: Michael B Allen

References:
- domain-based service names redux
  - From: Peter Saint-Andre
- Re: domain-based service names redux
  - From: Martin Rex

Prev by Date: Agenda Review
Next by Date: Hostbased service names (Re: domain-based service names redux)
Previous by thread: Re: domain-based service names redux
Next by thread: Re: domain-based service names redux
Index(es):
- Date
- Thread

Re: domain-based service names redux

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.