Re: [TLS] the use cases for GSS-based TLS and the plea for

On Fri, Jul 20, 2007 at 08:19:24PM +0200, Martin Rex wrote:
> Nicolas Williams wrote:
> > 
> > On Fri, Jul 20, 2007 at 07:40:34PM +0200, Martin Rex wrote:
> > > What I meant (and forgot to add) was "certificate-based credential
> > > (self-signed when no PKI is used) as a mandatory to implement
> > > feature for interoperability".
> > > 
> > > If support of cert-based credentials is a mere MAY, then I am sure
> > > there will be servers/services where installing or using a PKI
> > > credential is impossible/defective/unusable, and you cannot complain
> > > to the vendor because not-supporting it is fully compliant with the spec.
> > 
> > I don't think this spec aims to change TLS 1.1 to make any current
> > cipher suites that are REQUIRED to implement no longer REQUIRED to
> > implement.  Nor would I support that, for interop reasons, of course.
> 
> This isn't about what the TLS implementation supports, but what
> subset of the TLS implementation's features a server/service
> is able to use.

See Jeff's point about implementation versus deployment.

We could require the use of a self-signed cert if no PKI is available,
but, why?  (I gave an answer, of course, related to
draft-johansson-http-tls-cb).

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls



