[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Compromise Authentication Proposal

To: Mark C Smith <mcs@netscape.com>
Subject: Re: Compromise Authentication Proposal
From: Chris Newman <Chris.Newman@INNOSOFT.COM>
Date: Tue, 06 Oct 1998 22:42:27 -0700 (PDT)
Cc: Paul Leach <paulle@microsoft.com>, IETF LDAP Extensions WG <ietf-ldapext@netscape.com>, ietf-sasl@imc.org
In-reply-to: <361AC7F6.FA153D1D@netscape.com>
Resent-date: Tue, 06 Oct 1998 22:42:44 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"BYy5X.0.AA.Jzl6s"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

On Tue, 6 Oct 1998, Mark C Smith wrote:
> 4) Section 2.1.2 (Step Two): somewhere we need to define the serv-type
> for all the protocols we care about.  It would be nice to refer to
> something like the IANA list of protocol names or URI prefixes or
> something, but I see "www" is used for HTTP.  LDAP should use "ldap" of
> course.

SASL explicitly references the GSSAPI service type registry.  It's at:

<http://www.isi.edu/in-notes/iana/assignments/gssapi-service-names>

I think the Digest spec should reference this as well.  This leverages the
service names used by Kerberos, and has an authentication focus.  It would
be bad if Kerberos and Digest used different service name registries, as
the higher level API would then have to pass down two parameters rather
than one.

There are actually two other service registries -- the one for WKS records
in DNS, and the one for domain name naming conventions.  The WKS record
registry is full of junk, so I wouldn't want to use that.  The domain name
naming convention has a different purpose (user friendly names), rather
than the purpose of dividing services into separately manageable groups.

		- Chris

References:
- Re: Compromise Authentication Proposal
  - From: mcs@netscape.com (Mark C Smith)

Prev by Date: Re: Digest Authentication over TLS
Next by Date: Re: Compromise Authentication Proposal
Index(es):
- Chronological
- Thread