On Fri, Dec 9, 2011 at 12:47 AM, abfab issue tracker <[email protected]> wrote: > #2: Section 1.4 - No discussion of transport GSS-API is running over > > This list of steps does not talk about the actual transport used between > the client and the RP in any of the steps. I believe that this needs to > be included as it is a core part of the architecture for an application > implementor or specification writer.
Huh? Why? Sure, we should recommend the use of TLS and channel binding to it for new applications, but there's nothing special about ABFAB (except for mechanisms that are too weak to use without a secure channel) here -- this is a general recommendation worth making no matter what the GSS mechanism that is in use. But also, existing applications do what they do, and it's not our place to tell them to do something else. We can say that some mechanism or other is not to be used outside a secure channel. Nico -- _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
