[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: authmeth-15 notes

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: authmeth-15 notes
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 20 Oct 2005 12:49:29 -0700
Cc: "Roger Harrison" <RHARRISON@novell.com>, <ietf-ldapbis@OpenLDAP.org>
In-reply-to: <hbf.20051013l7lf@bombur.uio.no>
References: <hbf.20050923ecmo@bombur.uio.no> <4337F19C.DBA8.00BF.0@novell.com> <hbf.20050927q6hw@bombur.uio.no> <434E39D3.DBA8.00BF.0@novell.com> <hbf.20051013l7lf@bombur.uio.no>

At 02:19 PM 10/13/2005, Hallvard B Furuseth wrote:
>What happened to text about ciphersuite renegotiations and channel
>bindings, whatever that is, which Kurt has requested sometimes? 

IIRC, I wanted to things.  One is a general note that authorization
is subject to numerous factors.  This is covered in section 3.2
and 4 (though not specifically in the latter section).  The Second
is to note that upon ciphersuite renegotiation, both peers
must again verify that resulting data security protections are
adequate.  This is kind of covered in 3.1.4.  It might also be
appropriate to note this in 3.3 as well.  Maybe just clarify:
  After TLS negotiation is completed
applies both to initial and any subsequent negotiation.
Possibly:
  s/negotiation/(initial as well any subsequent) negotiation/

It might be useful to say something about channel bindings,
but I don't have any specific suggestions at this time.

Kurt

References:
- Re: authmeth-15 notes
  - From: "Roger Harrison" <RHARRISON@novell.com>
- Re: authmeth-15 notes
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: authmeth-16 TLS issues
Next by Date: authmeth-16: auth state & silent change to anonymous
Index(es):
- Chronological
- Thread