Shawn M Emery | 5 Feb 2008 08:34

Re: Concerns about domain based names drafts


There have been no objections to leaving the *_utf8() function 
definitions in these drafts.  Does the wg believe that the updated 
descriptions are sufficient to proceed?

Shawn.
--
Alexey Melnikov wrote:
> Nicolas Williams wrote:
>
>>> Section 5 seems to normatively introduce gss_import_name_utf8.  The
>>> specification of that function is not sufficient for implementation.
>>> In addition, I didn't think we planned to introduce import_name_utf8
>>> or display_name_utf8 in this spec.  I thought we intended to have an
>>> informational note explaining how those functions will deal with the
>>> domain based names.
> >>> The behavior for ACE encodings in existing functions does need to be
>>> normative.
>>>   
>> I believe the *_utf8() functions belong in this document.  I see no
>> reason to publish a separate RFC just describing those two functions.
>> I've seen no objections from the WG, but if desired we can call for
>> consensus.  I've updated the description, however, to be more exact.
>>  
>>
> Speaking as an individual: no objections from me.
>
>> The *_utf8() functions are recommended, while the ACE behaviour of the
>> regular functions is required.
>>  

Martin Rex | 7 Feb 2008 19:27

Re: [Ietf-krb-wg] the PKU2U DN to Kerberos Principal name mapping

Jeffrey Hutzelman wrote:
> 
> --On Monday, January 28, 2008 05:55:04 PM -0600 Nicolas Williams 
> <Nicolas.Williams <at> sun.com> wrote:
> 
> > I'm not sure that we actually want GSS_Compare_name() to sport such
> > behaviour, as opposed to having a new function that does, because it's
> > pushing things a bit to say that the two NAME objects passed to it are
> > equal representations of the same principal.  They are representations
> > of the same principal name, just not _equal_ representations of it.
> 
> That's OK.  GSS_Compare_name is defined to return a true result when the 
> names represent the same entity, not only when they are the same.  This 
> appears to be exactly what GSS_Compare_name is for, so no, I don't think we 
> need a new interface for this.

Personally, I would prefer to see a new API instead of seeing an
existing API being frobbed in such new ways.

A possibility to extract all sorts of attributes from Certificates
besides the Subject DName (and in particular for Kerberos mechanisms)
is extremely non-portable and may often not even locally work
in a (application-provider) predictable fashion.

Example: although the nametypes User Name Form (GSS_C_NT_USER_NAME)
and Machine UID Form (GSS_C_NT_MACHINE_UID_NAME) are
specified at the generic level (rfc2743), the translation of
any such name into an authenticated identity is fairly unspecified,
and not just implementation defined, but in addition may depend
on local configuration.

Internet-Drafts | 25 Feb 2008 10:30

I-D Action:draft-ietf-kitten-extended-mech-inquiry-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Kitten (GSS-API Next Generation) Working Group of the IETF.

	Title           : Extended Generic Security Service Mechanism Inquiry APIs
	Author(s)       : N. Williams
	Filename        : draft-ietf-kitten-extended-mech-inquiry-03.txt
	Pages           : 12
	Date            : 2008-02-25

This document introduces new application programming interfaces
(APIs) to the Generic Security Services API (GSS-API) for extended
mechanism attribute inquiry.  These interfaces are primarily intended
to reduce instances of hardcoding of mechanism identifiers in GSS
applications.

These interfaces include: mechanism attributes and attribute sets, a
function for inquiring the attributes of a mechanism, a function for
indicating mechanisms that possess given attributes, and a function
for displaying mechanism attributes.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-kitten-extended-mech-inquiry-03.txt

To remove yourself from the I-D Announcement list, send a message to
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of 
the message.
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the 

Internet-Drafts | 25 Feb 2008 10:30

I-D Action:draft-ietf-kitten-gssapi-channel-bindings-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Kitten (GSS-API Next Generation) Working Group of the IETF.

	Title           : Clarifications and Extensions to the GSS-API for the Use of Channel Bindings
	Author(s)       : N. Williams
	Filename        : draft-ietf-kitten-gssapi-channel-bindings-03.txt
	Pages           : 9
	Date            : 2008-02-25

This document clarifies and generalizes the Generic Security Services
Application Programming Interface (GSS-API) "channel bindings"
facility, and imposes requirements on future GSS-API mechanisms and
programming language bindings of the GSS-API.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-channel-bindings-03.txt

Internet-Drafts are also available by anonymous FTP. Login with the 
username "anonymous" and a password of your e-mail address. After 
logging in, type "cd internet-drafts" and then
	"get draft-ietf-kitten-gssapi-channel-bindings-03.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html

Internet-Drafts | 25 Feb 2008 10:30

I-D Action:draft-ietf-kitten-gssapi-extensions-iana-02.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Kitten (GSS-API Next Generation) Working Group of the IETF.

	Title           : Namespace Considerations and Registries for GSS-API Extensions
	Author(s)       : N. Williams
	Filename        : draft-ietf-kitten-gssapi-extensions-iana-02.txt
	Pages           : 8
	Date            : 2008-02-25

This document describes the ways in which the GSS-API may be extended
and directs the creation of IANA registries for various GSS-API
namespaces.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-extensions-iana-02.txt

Internet-Drafts are also available by anonymous FTP. Login with the 
username "anonymous" and a password of your e-mail address. After 
logging in, type "cd internet-drafts" and then
	"get draft-ietf-kitten-gssapi-extensions-iana-02.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Shawn M Emery | 1 Mar 2008 07:23

IETF 71 Agenda


Please review the meeting agenda for IETF 71:

http://www.ietf.org/proceedings/08mar/agenda/kitten.txt

and let us know if you would like to add or change anything.

Shawn.
--
