Re: KITTEN: IETF 75 - 76


On Sun, Aug 16, 2009 at 12:26:34AM -0600, Shawn M Emery wrote:
> Love had given a set of new work items that would be of interest, as 
> follows:
> 
>    1. initialization/new credentials
>    2. listing/iterating credentials
>    3. exporting/importing credentials

(1) is a complex matter as it requires interaction with users and needs
to cover such things as principal name, password, new password, PIN, PIN
change and other prompts.  A design is certainly possible.

(2) is really listing of principal names for which the caller has
credentials (we can already list mechanisms for which the caller has
credentials).  This is likely a difficult thing to design since we will
want to be able to control what principals GSS_Accept_sec_context() can
accept sec contexts for, and that means a significant revamp of the
semantics of CREDENTIAL HANDLEs _or_ a replacement for
GSS_Accept_sec_context().

>    4. error message reporting

Yes.  (I still believe in the "PGSSAPI" idea where, in the C bindings,
we change the semantics and type of the minor_status argument, though in
a binary backwards compatible way.  I can expand if desired.)

>    5. asynchronous calls

Developers can use threads to work around the lack of these, so it seems
to me that these should be a lower priority.

> ...along with Alexey's recent request for policy/encryption strength.

Yes.  This should be, IMO, a high priority.

> We are looking for authors and editors for any of these new items or 
> something else that you would like to see developed within KITTEN.

I'll edit, but I need co-authors who'll contribute text, API designs,
and energy to the list.

Nico
-- 
