Re: gss userauth

To: Nicolas Williams <Nicolas.Williams%sun.com@localhost>, Joseph Galbraith <galb-list%vandyke.com@localhost>
Subject: Re: gss userauth
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Thu, 04 Sep 2003 20:22:07 -0400

On Thursday, September 04, 2003 16:58:09 -0700 Nicolas Williams<Nicolas.Williams%sun.com@localhost> wrote:

On Thu, Sep 04, 2003 at 04:29:47PM -0600, Joseph Galbraith wrote:

All right-- so the big question is--
have we reached consensus for reals
this time?


What's the consensus?  That gssapi and external-keyex userauth are to be
deprecated and replaced with forms that correctly bind the context to
the session?


Yes.  Particularly:

- Obsolete external-keyex; it should not be used.
- Replace 'gssapi' with 'gssapi-with-mic'

- Add 'gssapi-keyex' to send a MIC using the context established during keyexchange.


I will send some text for the latter two sometime tomorrow morning.

-- Jeff

Follow-Ups:
- Re: gss userauth
  - From: Nicolas Williams

References:
- Re: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Joel N. Weber II
- Re: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Markus Friedl
- Re: gss userauth
  - From: Nicolas Williams
- Re: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Joseph Galbraith
- Re: gss userauth
  - From: Nicolas Williams

Prev by Date: Re: gss userauth
Next by Date: Re: gss userauth
Previous by Thread: Re: gss userauth
Next by Thread: Re: gss userauth
Indexes:

Home | Main Index | Thread Index | Old Index