Re: [TLS] the use cases for GSS-based TLS and the plea for integrating

To: Chris Newman <Chris.Newman at Sun.COM>
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for integrating
From: Leif Johansson <leifj at it.su.se>
Date: Thu, 26 Jul 2007 22:00:15 +0200
Cc: tls at ietf.org
In-reply-to: <C4E819FF73EA6ED22A3906CD@446E7922C82D299DB29D899F>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <200707171840.l6HIeg9M018099@fs4113.wdf.sap.corp> <48A6320349FD1EDBE937A357@dhcp-26f9.ietf69.org> <C4E819FF73EA6ED22A3906CD@446E7922C82D299DB29D899F>
User-agent: Thunderbird 1.5.0.12 (X11/20070604)

>
> I'd agree that implementers only want to integrate one security
> services layer. But some implementers want their security services
> layer and identity stack to be as cleanly separated as possible so a
> tight binding between the two is not desirable.  TLS only provides
> certificate-based identity today, a mechanism that is very different
> from other user identity services because it does not require the TLS
> stack to perform a user identity network lookup in the middle of the
> TLS handshake.  Doing that means the TLS stack suddenly has to
> communicate problems talking to the identity lookup service through
> the TLS stack and back to the application.
>
Username+password has the same property right? Would you support a
password-based
scheme inside TLS or would you support removing authentication from TLS
entierly?

    Cheers Leif


_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] the use cases for GSS-based TLS and the plea for integrating
  - From: Chris Newman
- RE: [TLS] the use cases for GSS-based TLS and the plea for integrating
  - From: Kemp, David P.

References:
- Re: [TLS] the use cases for GSS-based TLS and the plea for integrating
  - From: Martin Rex
- Re: [TLS] the use cases for GSS-based TLS and the plea for integrating
  - From: Chris Newman
- RE: [TLS] the use cases for GSS-based TLS and the plea for integrating
  - From: Chris Newman

Prev by Date: RE: [TLS] the use cases for GSS-based TLS and the plea for integrating
Next by Date: RE: [TLS] the use cases for GSS-based TLS and the plea for integrating
Previous by thread: Re: [TLS] the use cases for GSS-based TLS and the plea for integrating
Next by thread: RE: [TLS] the use cases for GSS-based TLS and the plea for integrating
Index(es):
- Date
- Thread

Re: [TLS] the use cases for GSS-based TLS and the plea for integrating

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.