channel bindings and address types

To: kitten at ietf.org, sasl at ietf.org
Subject: channel bindings and address types
From: Simon Josefsson <simon at josefsson.org>
Date: Thu, 25 Jun 2009 16:54:40 +0200
Delivered-to: kitten at core3.amsl.com
List-archive: <http://www.ietf.org/mail-archive/web/kitten>
List-help: <mailto:kitten-request@ietf.org?subject=help>
List-id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-post: <mailto:kitten@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux)

I'm working on GS2 and thinking about how the GSS-CHANNEL-BINDING
structure should be used.  In particular, I'm thinking of how to set the
address type fields in an implementation, quoting RFC 5554:

GSS-CHANNEL-BINDINGS ::= SEQUENCE {
              initiator-address-type  INTEGER,      -- See RFC2744
              initiator-address       OCTET STRING, -- See RFC2744
              acceptor-address-type   INTEGER,      -- See RFC2744
              acceptor-address        OCTET STRING, -- See RFC2744
              application-data        OCTET STRING  -- See RFC5056
      }

The values for the initiator-address-type and acceptor-address-type
fields are specified Appendix A of RFC 2744.  However, that is C
specific.  I can't find anything in RFC 2743 about the address types.
As far as I can tell, RFC 5554 does not improve this situation?

The conclusion appears to be that there are no implementation-agnostic
definition of the address type values?

I suggest we update RFC 2743/5554 and define symbols for GSS_C_AF_INET
etc in a implementation independent way.

Further, there are no address type value allocated for IPv6 address as
far as I can see?

I think SCRAM/GS2 needs to be able to support IPv6 end points.

/Simon

Follow-Ups:
- Re: channel bindings and address types
  - From: Ken Raeburn
- Re: channel bindings and address types
  - From: Nicolas Williams

Prev by Date: Protocol Action: 'Generic Security Service API Version 2 : Java Bindings Update' to Proposed Standard
Next by Date: Re: channel bindings and address types
Previous by thread: Protocol Action: 'Generic Security Service API Version 2 : Java Bindings Update' to Proposed Standard
Next by thread: Re: channel bindings and address types
Index(es):
- Date
- Thread

channel bindings and address types

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.