Re: gss userauth

To: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Subject: Re: gss userauth
From: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Date: Thu, 4 Sep 2003 17:22:44 -0700

On Thu, Sep 04, 2003 at 08:22:07PM -0400, Jeffrey Hutzelman wrote:
> On Thursday, September 04, 2003 16:58:09 -0700 Nicolas Williams 
> <Nicolas.Williams%sun.com@localhost> wrote:
> >On Thu, Sep 04, 2003 at 04:29:47PM -0600, Joseph Galbraith wrote:
> >>All right-- so the big question is--
> >>have we reached consensus for reals
> >>this time?
> >
> >What's the consensus?  That gssapi and external-keyex userauth are to be
> >deprecated and replaced with forms that correctly bind the context to
> >the session?
> 
> Yes.  Particularly:
> 
> - Obsolete external-keyex; it should not be used.
> - Replace 'gssapi' with 'gssapi-with-mic'
> - Add 'gssapi-keyex' to send a MIC using the context established during key 
> exchange.

So, obsolete and replace the two gss-related userauths.  I agree.

Cheers,

Nico
--

References:
- Re: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Joel N. Weber II
- Re: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Markus Friedl
- Re: gss userauth
  - From: Nicolas Williams
- Re: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Joseph Galbraith
- Re: gss userauth
  - From: Nicolas Williams
- Re: gss userauth
  - From: Jeffrey Hutzelman

Prev by Date: Re: gss userauth
Next by Date: I-D ACTION:draft-ietf-secsh-dns-05.txt
Previous by Thread: Re: gss userauth
Next by Thread: Re: gss userauth
Indexes:

Home | Main Index | Thread Index | Old Index