[TLS] Re: the use cases for GSS-based TLS and the plea for integrating

To: Chris Newman <Chris.Newman at Sun.COM>
Subject: [TLS] Re: the use cases for GSS-based TLS and the plea for integrating
From: Simon Josefsson <simon at josefsson.org>
Date: Thu, 26 Jul 2007 17:46:58 +0200
Cc: tls at ietf.org
In-reply-to: <48A6320349FD1EDBE937A357@dhcp-26f9.ietf69.org> (Chris Newman's message of "Wed, 25 Jul 2007 14:24:31 -0500")
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <200707171840.l6HIeg9M018099@fs4113.wdf.sap.corp> <48A6320349FD1EDBE937A357@dhcp-26f9.ietf69.org>
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Chris Newman <Chris.Newman at Sun.COM> writes:

> sufficient that it might deploy.  Specifically, is this likely to be
> implemented in multiple TLS stacks?  Are applications that consume TLS

I believe GSS-API support in TLS, either directly, or through some
generic external-authentication-protocol (which may use channel bindings
to bind the external authentication to the TLS stream) is a good idea.
We all know RFC 2712 is broken. GSSAPI-in-TLS seems like a simple way
fix both RFC 2712 and enable other useful things.

I've been planning to implement Kerberos/GSS-API support in GnuTLS, but
until there is consensus around a specific protocol I can't start.

I think it would be useful if those who are opposed to the past, and
current, GSSAPI-in-TLS proposals describe how they like GSS-API to be
implemented in TLS rather than criticizing the proposals.
Alternatively, if they see any other non-GSS-API way to integrate
Kerberos into TLS, as that appear to be the main use-case for
GSSAPI-in-TLS.

/Simon

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- [TLS] Re: the use cases for GSS-based TLS and the plea for integrating
  - From: Martin Rex
- Re: [TLS] Re: the use cases for GSS-based TLS and the plea for integrating
  - From: Leif Johansson

References:
- Re: [TLS] the use cases for GSS-based TLS and the plea for integrating
  - From: Martin Rex
- Re: [TLS] the use cases for GSS-based TLS and the plea for integrating
  - From: Chris Newman

Prev by Date: RE: [TLS] the use cases for GSS-based TLS and the plea for integrating
Next by Date: RE: [TLS] the use cases for GSS-based TLS and the plea for integrating
Previous by thread: RE: [TLS] the use cases for GSS-based TLS and the plea for integrating
Next by thread: Re: [TLS] Re: the use cases for GSS-based TLS and the plea for integrating
Index(es):
- Date
- Thread

[TLS] Re: the use cases for GSS-based TLS and the plea for integrating

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.