Re: [TLS] the use cases for GSS-based TLS and the plea for
Kemp, David P. wrote:
>
> It seems strange to criticize SPKM and SPNEGO for being ASN.1-based
> while not making the same criticism of Kerberos. To what extent
> has the adoption and theoretical review of Kerberos been hampered
> by this "huge" roadblock?

If ASN.1 were less of a problem, then the ambiguity about
the AlgOID within PKCS#1 would not have been detected earlier;
it would not even exist!

Or you may want to look at the pity the PKI guys created with
certificate chains in ASN.1 containers (SOAP/WS-Security).
The PKI guys messed with and abused PKCS#7 containers and CertificatePairs
until they finally came up with a PKIPath.

The text of the defect report describing PKIPath (not easy to find)
is much better than what was added to the spec document. But
neither says a word about whether a self-signed RootCA cert is
prohibited, allowed, expected, or required. TLSv1.0
already recognized this ambiguity in SSLv3 and fixed it long ago.

-Martin
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.