Re: [TLS] Negotiation in draft-santesson-tls-gssapi

To: tls at ietf.org
Subject: Re: [TLS] Negotiation in draft-santesson-tls-gssapi
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Wed, 18 Jul 2007 18:09:59 -0500
Cc:
In-reply-to: <20070718225633.GR24645@Sun.COM>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <20070718225633.GR24645@Sun.COM>
User-agent: Mutt/1.5.7i

I just noticed Martin's objection that mechanism negotiation must be
done at the TLS level to avoid a failure mode where GSS is selected but
no common mechanism is found, yet non-GSS/PSK TLS would have worked.

The current version of the I-D allows TLS to continue to make progress
if the GSS security context establishment fails.  This is good, but if
negotiation could be done at the TLS level then we can optimize
round-trips in this corner case.  I'm not sure if we care.

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- [TLS] Negotiation in draft-santesson-tls-gssapi
  - From: Nicolas Williams

Prev by Date: RE: [TLS] Negotiation in draft-santesson-tls-gssapi
Next by Date: Re: [TLS] Negotiation in draft-santesson-tls-gssapi
Previous by thread: RE: [TLS] Negotiation in draft-santesson-tls-gssapi
Next by thread: Re: [TLS] Negotiation in draft-santesson-tls-gssapi
Index(es):
- Date
- Thread

Re: [TLS] Negotiation in draft-santesson-tls-gssapi

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.