Re: [TLS] Straw poll on TLS SRP status

----- Original Message -----
From: "Chris Newman" <Chris.Newman at Sun.COM>
To: <Pasi.Eronen at nokia.com>; <tls at ietf.org>
Sent: Thursday, May 24, 2007 6:06 PM
Subject: Re: [TLS] Straw poll on TLS SRP status


> Pasi.Eronen at nokia.com wrote on 5/24/07 13:33 +0300:
> > The question is: Do you support advancing draft-ietf-tls-srp as
> > Proposed Standard?
> >
> >    [ ] Yes.
> >    [ ] I think Informational/Experimental is better.
> >    [ ] I don't care about the status, just get it published.
> >    [ ] Something else, please state:
>
>
> It's my technical opinion that adding new user-level authentication mechanisms
> to the TLS layer is not a good idea in general.  TLS APIs are already quite
> complex and can be difficult to use.  Client certificate authentication has
> been there long enough that it's a known quantity how to dig the necessary
> details out of the TLS layer for an application to consume, however more
> traditional user-level authentication is a different beast.  As GSSAPI and SASL
> APIs have shown, designing general-purpose user-level authentication APIs is
> very difficult, by itself tends to create APIs most people can't understand,
> and it's not clear to me it's a good idea to add all that complexity to the
> existing TLS APIs.  I'd much rather keep user-level authentication as a
> separate subsystem and promote channel bindings on the standards track instead.
>
> What do others on the list think about this issue?
>
>                 - Chris
>
I agree with you; we are making a complex technical situation (ignoring legal
issues such as IPR) yet more complex which leads me to

   [X] Something else, please state:

Do not publish this as an RFC.  If this is a single transferrable preference
system (I just love Irish general elections, voting was yesterday) then my
second preference is

   [X] I think Informational/Experimental is the next less bad

Tom Petch

