[TLS] RE: Review of draft-santesson-tls-gssapi-00

Simon Josefsson wrote:

> > I'm not sure if I understand this concern. Certainly a TLS library
> > doing GSS-API would tell the application "handshake completed"
> > only after the GSS-API part was also completed?
> 
> I'm not convinced of that.  It is useful for TLS library APIs to be
> consistent with the TLS protocol.  Your proposal was to add the
> GSS-API negotiation after the TLS handshake.

Well, Stefan's draft is about adding GSS-API based authentication to
TLS; my proposal was simply to rearrange the message order (and adjust
some other details like message types and exactly how the crypto part
works) to make it fit "nicer" with RFC 4346.

Regardless of the message order (and other details), GSS-API 
authentication becomes part of the TLS protocol. But certainly the
exact message order should not have an impact on the TLS library APIs.

Best regards,
Pasi
