Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping

To: Nicolas Williams <Nicolas.Williams at sun.com>
Subject: Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping
From: Jeffrey Hutzelman <jhutz at cmu.edu>
Date: Mon, 28 Jan 2008 17:19:04 -0500
Cc: kitten at ietf.org, Larry Zhu <lzhu at windows.microsoft.com>, IETF Kerberos Working Group <ietf-krb-wg at anl.gov>, jhutz at cmu.edu, hyc at symas.com
In-reply-to: <20080128204241.GK12865@Sun.COM>
List-archive: <http://www1.ietf.org/pipermail/kitten>
List-help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-post: <mailto:kitten@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
References: <E30895F8BA39B6439F5F1AAA1DBBFB523C49FAC200@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com> <4d569c330712071206q2284c13foad072cecb7ec81fd@mail.gmail.com> <2D438E30-4D65-4CE4-A85D-D096CE162F7E@jpl.nasa.gov> <E30895F8BA39B6439F5F1AAA1DBBFB52471115A210@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com> <20080127210717.GU12865@Sun.COM> <E30895F8BA39B6439F5F1AAA1DBBFB52472CC06F26@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com> <20080128194159.GF12865@Sun.COM> <2F99489E062D6942992B552C@sirius.fac.cs.cmu.edu> <20080128204241.GK12865@Sun.COM>

--On Monday, January 28, 2008 02:42:41 PM -0600 Nicolas Williams <Nicolas.Williams at sun.com> wrote:

On Mon, Jan 28, 2008 at 03:38:17PM -0500, Jeffrey Hutzelman wrote:

I should note that this is not a krb-wg document, and is getting close
to  off-topic here.  I started the discussion here because I was raising
an  issue specifically related to Kerberos and potentially broader than
just  PKU2U; namely, handling of mapping X.500 DN's to Kerberos
principal names.  It seems that particular issue has been resolved, at
least for PKU2U, by  observing that PKU2U needn't expose Kerberos
principal names and so doesn't  actually need such a mapping.

At this point, I think the remaining issues are not particularly
Kerberos  specific, and in fact much of this seems to touch on things
that affect  other GSS-API mechanisms and the work of the Kitten WG.  I
think it might  be worth taking the discussion of naming issues and
especially naming  extensions to the Kitten list.


KITTEN doesn't work on mechanisms either, but KITTEN is appropriate for
discussion of GSS-API naming issues.  So, yes, we should take this to
the KITTEN list, though eventually PKU2U will be off-topic there also.

I agree, PKU2U is clearly not in KITTEN's charter. However, IMHO it is an appropriate source for expert advice on GSS-API naming issues, and for expertise on GSS-API in general. I believe its members have been asked to look at PKU2U in the past, and their comments would certainly be welcome now, as it nears completion.

-- Jeff


_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten

References:
- Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping
  - From: Nicolas Williams

Prev by Date: Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping
Next by Date: Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping
Previous by thread: Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping
Next by thread: Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping
Index(es):
- Date
- Thread

Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.