IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: gss userauth
> Why are you uncomfortable with GSS channel bindings? We know that they
> work, from experience, where they are supported. The lack of support
> for channel bindings across the board is definitely one good reason to
> be uncomfortable with using that facility to tackle this problem.
So, is there any deployed software anywhere that uses GSS channel
bindings with krb5 gssapi? Or with gsi gssapi? If so, is there more
than one independent implementation with demonstrated
interoperability?
I strongly believe we should pick an approach that involves the use of
a MIC.
And I also don't see that channel bindings really buy us anything.
There are ways to do a MIC that will allow an old client to
interoperate with a new server, and vice versa. Do channel bindings
ever allow the problems to be solved without upgrading both the client
and server?
Home |
Main Index |
Thread Index |
Old Index