Re: KITTEN: IETF 75 - 76

To: Nicolas Williams <Nicolas.Williams at sun.com>
Subject: Re: KITTEN: IETF 75 - 76
From: Love Hörnquist Åstrand <lha at kth.se>
Date: Tue, 18 Aug 2009 11:09:39 -0700
Cc: "kitten at ietf.org" <kitten at ietf.org>, Shawn M Emery <Shawn.Emery at sun.com>
Delivered-to: kitten at core3.amsl.com
In-reply-to: <20090817172632.GT1043 at Sun.COM>
List-archive: <http://www.ietf.org/mail-archive/web/kitten>
List-help: <mailto:kitten-request@ietf.org?subject=help>
List-id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-post: <mailto:kitten@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
References: <4A87A69A.3050408 at sun.com> <20090816235122.GP1043 at Sun.COM> <77312362-85D0-4BDC-AD16-28450B38C5CB at kth.se> <20090817172632.GT1043 at Sun.COM>

17 aug 2009 kl. 10:26 skrev Nicolas Williams:

Acceptors with creds for multiple principals have little choice but to
use GSS_C_NO_CREDENTIAL and check the resulting security context toseeif the acceptor principal (and mech, and, if we ever add it, QoPpolicy)is acceptable to the app. That's lame. I'd rather be able toacquire a
CREDENTIAL HANDLE for all the principals I'm willing to accept sec
contexts for and then use that.

The GSS-API concept of CREDENTIAL HANDLEs is a set of credentials for
the same principal, but different mechanisms. Changing this toallow it
to be a set of credentials for any {mechanism, principal} seems...
difficult, but perhaps fun anyways.


I don't care about this now, its not a problem I ever run in to.

In fact, I mostly run into the problem that app developer specify acredential handle, and for that reason the application doesn't workwith aliases and other mechs that the app author though about.


Love

References:
- KITTEN: IETF 75 - 76
  - From: Shawn M Emery
- Re: KITTEN: IETF 75 - 76
  - From: Nicolas Williams
- Re: KITTEN: IETF 75 - 76
  - From: Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76
  - From: Nicolas Williams

Prev by Date: Re: KITTEN: IETF 75 - 76
Next by Date: Re: KITTEN: IETF 75 - 76
Previous by thread: Re: KITTEN: IETF 75 - 76
Next by thread: Re: KITTEN: IETF 75 - 76
Index(es):
- Date
- Thread

Re: KITTEN: IETF 75 - 76

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.