Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping

To: Nicolas Williams <Nicolas.Williams at sun.com>
Subject: Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping
From: "Henry B. Hotz" <hotz at jpl.nasa.gov>
Date: Mon, 28 Jan 2008 15:46:07 -0800
Cc: kitten at ietf.org, hyc at symas.com, IETF Kerberos Working Group <ietf-krb-wg at anl.gov>, Jeffrey Hutzelman <jhutz at cmu.edu>
In-reply-to: <20080128204241.GK12865@Sun.COM>
List-archive: <http://www1.ietf.org/pipermail/kitten>
List-help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-post: <mailto:kitten@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
References: <E30895F8BA39B6439F5F1AAA1DBBFB523C49FAC200@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com> <4d569c330712071206q2284c13foad072cecb7ec81fd@mail.gmail.com> <2D438E30-4D65-4CE4-A85D-D096CE162F7E@jpl.nasa.gov> <E30895F8BA39B6439F5F1AAA1DBBFB52471115A210@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com> <20080127210717.GU12865@Sun.COM> <E30895F8BA39B6439F5F1AAA1DBBFB52472CC06F26@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com> <20080128194159.GF12865@Sun.COM> <2F99489E062D6942992B552C@sirius.fac.cs.cmu.edu> <20080128204241.GK12865@Sun.COM>


On Jan 28, 2008, at 12:42 PM, Nicolas Williams wrote:

On Mon, Jan 28, 2008 at 03:38:17PM -0500, Jeffrey Hutzelman wrote:
I should note that this is not a krb-wg document, and is getting close to off-topic here. I started the discussion here because I was raising an issue specifically related to Kerberos and potentially broader than just PKU2U; namely, handling of mapping X.500 DN's to Kerberos principal names. It seems that particular issue has been resolved, at least for PKU2U, by observing that PKU2U needn't expose Kerberos principal names and so doesn't actually need such a mapping.

At this point, I think the remaining issues are not particularly Kerberos specific, and in fact much of this seems to touch on things that affect other GSS-API mechanisms and the work of the Kitten WG. I think it might be worth taking the discussion of naming issues and especially naming extensions to the Kitten list.
KITTEN doesn't work on mechanisms either, but KITTEN is appropriate for discussion of GSS-API naming issues. So, yes, we should take this to the KITTEN list, though eventually PKU2U will be off-topic there also.

Nico


Since I'm not on that list, I'll throw my 2 cents in here:

It would be nice if you could do a gss_compare_name() between smith at EXAMPLE.COM and uid=smith,ou=People,dc=example,dc=com and get a "true" result. I think the detail you threw out was headed in that direction, but it wasn't clear to me if it would get you all the way there.

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu


_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten

Follow-Ups:
- Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping
  - From: Nicolas Williams

References:
- Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping
  - From: Nicolas Williams

Prev by Date: Re: the PKU2U DN to Kerberos Principal name mapping
Next by Date: Fwd: [Ietf-krb-wg] [Fwd: [Standards] NEW: XEP-0233 (Use of Domain-Based Service Names in XMPP SASL Negotiation)]
Previous by thread: Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping
Next by thread: Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping
Index(es):
- Date
- Thread

Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.