Re: [TLS] Negotiation in draft-santesson-tls-gssapi
On Thu, Jul 19, 2007 at 05:49:41AM +0200, Martin Rex wrote:
> I notice, however, that I still consider the necessary contortions
> to run the entire GSS-API context establishment within TLS and
> the TLS handshake according to the current ID _MAGNITUDES_ worse
> if one also wants to make use of all the various GSS-API
> features and extensions.
One should not. This I-D is roughly akin to RFC4462 (SSHv2 w/ GSS).
> For cached&resumed SSL sessions, there are no additional roundtrips
> in either case (just the unexplained dirty hacks for the current ID
> in order to get access to GSS-API attributes of the original
> full SSL handshake).
Correct.
> Personally, I do not consider the additional roundtrips of the
> GSS-API context establishment a showstopper. The overhead of
Me either. But that's not what Larry meant, I think. See my other
reply just now.
Nico