* Victor Duchovni wrote on Tue, Sep 25, 2007 at 09:27 -0400:
> On Tue, Sep 25, 2007 at 11:58:45AM +0200, Steffen DETTMER wrote:
> > > I would like to see GSSAPI support in TLS (so would Microsoft
> > > and a few others). This addresses key management, without
> > > requiring secondary protocols, and ties into the dominant
> > > standard intra-mural authentication system. This would use a
> > > certificate-less cipher-suite, but the point remains that
> > > authentication should be within TLS, not an add-on.
> > 
> > ohh, now I got so many questions :)
> 
> Well, Kerberos is already supported, but only with DES. If TLS is to see
> wide-scale use *inside* large organizations where CAs are entirely the
> wrong model, and GSSAPI is already prevalent, we need a GSSAPI (X.509v3
> certificate-less) cipher-suite for TLS with modern symmetric ciphers
> (AES-256, ...).  This is an IETF issue, not an OpenSSL issue.
> 
> > According to Wikipedia, this is an API to standardise how the
> > application uses something like e.g. OpenSSL, is that correct? Or
> > is it something completely different? You wrote `GSSAPI support
> > in TLS' - this would be a standard or would it be an
> > implementation?
> 
> A new TLS ciphersuite, GSSAPI is both a standard and a protocol.
> 
> > How would it help with key management? Do you mean in this case
> > you could use any standard GSSAPI-using key management tool?
> 
> GSSAPI uses Kerberos-5 KDCs for key management.

Ahh, you mean creating a new TLS (version) standard/RFC, that is
using GSSAPI and is to be used e.g. inside large organizations
that already have some GSSAPI available (because they use
Kerberos) to eliminate the need to additionally worry about
keys/certificates for this new TLS (but using Kerberos protocol /
authentication instead)?

oki,

Steffen
 
About Ingenico Throughout the world businesses rely on Ingenico for secure and 
expedient electronic transaction acceptance. Ingenico products leverage proven 
technology, established standards and unparalleled ergonomics to provide 
optimal reliability, versatility and usability. This comprehensive range of 
products is complemented by a global array of services and partnerships, 
enabling businesses in a number of vertical sectors to accept transactions 
anywhere their business takes them.
www.ingenico.com This message may contain confidential and/or privileged 
information. If you are not the addressee or authorized to receive this for the 
addressee, you must not use, copy, disclose or take any action based on this 
message or any information herein. If you have received this message in error, 
please advise the sender immediately by reply e-mail and delete this message. 
Thank you for your cooperation.
 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
