Re: [TLS] the use cases for GSS-based TLS and the plea for

To: Martin Rex <Martin.Rex at sap.com>
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Fri, 20 Jul 2007 23:07:06 -0500
Cc: tls at ietf.org
In-reply-to: <200707202225.l6KMP1ow027548@fs4113.wdf.sap.corp>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <46A12124.4020000@it.su.se> <200707202225.l6KMP1ow027548@fs4113.wdf.sap.corp>
User-agent: Mutt/1.5.7i

Martin, I definitely agree about islands of trust.

If servers/acceptors/responders should be able to have credentials for
multiple islands of trust[*] then we need to have them tell the
client/initiator what "islands"[*] of authentication, and what
mechanisms, they have credentials for.

It may be too late to work federation negotiation into SPNEGO, but it
makes plenty of sense to me that application protocols should handle
federation and mechanism negotiation rather than pseudo-mechanisms.

Here's our chance to get that right for TLS.

*  "worlds" or "federations" or whatever we should call it; in the
   Liberty, OpenID and other such communities the term used is
   'federation;, so I propose we use that.

Nico
-- 

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] the use cases for GSS-based TLS and the plea for
  - From: Leif Johansson
- Re: [TLS] the use cases for GSS-based TLS and the plea for
  - From: Martin Rex

Prev by Date: Re: [TLS] the use cases for GSS-based TLS and the plea for
Next by Date: Re: [TLS] the use cases for GSS-based TLS and the plea for
Previous by thread: Re: [TLS] the use cases for GSS-based TLS and the plea for
Next by thread: Re: [TLS] the use cases for GSS-based TLS and the plea for
Index(es):
- Date
- Thread

Re: [TLS] the use cases for GSS-based TLS and the plea for

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.