Re: GSSAPI authentication

[Jeffrey Hutzelman <jhutz%cmu.edu@localhost>]

On Thu, 21 Jun 2001, Jeff P. Van Dyke wrote:

> I believe at the last IETF meeting in Minnesota there
> was some discussion about combining the following two drafts:
> 
>    http://www.ietf.org/internet-drafts/draft-ietf-secsh-gsskeyex-01.txt
>    http://www.ietf.org/internet-drafts/draft-galb-secsh-gssapi-01.txt
> 
> Is that correct?
> 
> If so, what is the status of this work?

Would you believe you're the second person to ask about this _today_ ?

I wish I could say I was working on this, but the truth is I've been
rather busy and haven't gotten to updating the draft as soon as I'd like.

Joe Galbraith is one of the authors of the user auth draft mentioned
above, and he indicated he might have some time to work on the changes
involved in the merger.  I've sent him a brief description of what I had
in mind, as well as information about a couple of protocol changes we
discussed at the WG meeting in Minneapolis (particularly, signing the host
key during key exchange so that sessions don't have to die when the GSSAPI
creds used for the initial key exchange expire).

My goal is to get another version of this draft out soon enough that we
can take into account comments from implementors and this list, and get
any corrections out before the London IETF meeting.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA