RE: [TLS] Review of draft-santesson-tls-gssapi-00

[<Pasi.Eronen at nokia.com>]

Stefan Santesson wrote:

> The problem is that it is very hard to engage into a discussion 
> unless the objections are substantiated.

I can repeat one specific objection (made by several people already):
*all* current TLS key exchange mechanisms use exactly the same state
machine, i.e. the message exchange shown in Fig. 1 of RFC 2246, while
this proposal doesn't.

This would be quite radical change to TLS. For example, the base 
TLS spec assumes this state machine is always used, so either we 
need to change it to accommodate GSS-API, or the GSS-API document 
has to effectively overrule the base spec in many places.

(I also believe that implementation could be easier if the state
machine is not changed, but that's probably a secondary concern.)

<snip>
> Structurally, the problem with your proposal that has been pointed
> out to me is that many use of TLS requires authentication have to be
> established before the finished message, or it will be useless. This
> aspect needs to be analyzed to determined whether completing
> authentication before the finished message is an absolute
> requirement for a solution to be meaningful.

Could you explain why you think it will be useless?

We certainly have to complete the authentication (including GSS-API)
before we let application data through. In my proposal, that would
happen after the channel binding messages (not immediately after the
finished messages).

> As I understand this, the current status of this work is that 
> we have not yet decided to adopt this work item, but that we 
> should explore this issue further to see if we can come up 
> with an acceptable solution. It would be great if you could 
> confirm and elaborate how we will work towards a decision to 
> accept or reject this work.

Working backwards in time:

To accept this as WG work item, we need to recharter (and the charter
needs to be approved by IESG). Before I and Eric start discussions
about the new charter text with our AD, we would like to have rough WG
consensus that this is a good idea (and we have enough people to
actively work on this, review it, etc.). 

To determine the WG consensus, we will at some point do a straw poll,
at least on the mailing list and possibly at TLS WG meeting as well.

This didn't happen here in Prague, since there was no presentation
about GSS-API. On one hand, I would prefer to do a poll in a meeting
(I find it usually works better); on the other hand, I would also
prefer to have this settled before Chicago. 

Various people (not only Eric :-) have expressed objections to the 
current version of the draft, and some people have proposed changes 
that would make it more acceptable to them.  Before the straw poll, 
I think you should use the opportunity to have more discussion on 
the list, and revise the document (in whatever way you think would 
make the document more acceptable to the WG and help its progress).

(One related comment: the current draft has lot of technical details,
but practically no text about *why* you would want to do this. The
motivation has been explained in various presentations and discussions,
but I think including it in the document itself would be helpful.)

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls