Alexey Melnikov writes:
>>The I-D says:
>>
>>The original
>> GSS-API->SASL mechanism bridge was specified by [RFC], now
>> [RFC4752]; we shall sometimes refer to the original bridge as GS1 in
>> this document.
>>
>>I don't see
Nicolas Williams writes:
>> In particular, the current consensus of the SASL community appears to
>> be that SASL "security layers" (i.e., confidentiality and integrity
>> protection of application data after authentication) are too complex
>> and, since SASL applications tend to have an
"Spencer Dawkins" writes:
> Summary: This document is almost ready for publication as a Proposed
> Standard. I did have one minor question about 13.3 (in my LATE
> review), but it should not be difficult to resolve, if an AD agrees
> with my question.
Hi Spencer. Thank you for your careful revi
On Mon, Dec 07, 2009 at 10:37:21AM +, Alexey Melnikov wrote:
> Nicolas Williams wrote:
>
> >On Thu, Dec 03, 2009 at 07:02:53PM +, Alexey Melnikov wrote:
> >
> >>Hi Nico,
> >>
> >>Nicolas Williams wrote:
> >>
> >>
> 13.3. Additional Recommendations
>
> If the application
Nicolas Williams wrote:
On Thu, Dec 03, 2009 at 07:02:53PM +, Alexey Melnikov wrote:
Hi Nico,
Nicolas Williams wrote:
13.3. Additional Recommendations
If the application requires security layers then it MUST prefer the
SASL "GSSAPI" mechanism over "GS2-KRB5" or "GS2-KRB5-PLUS".
On Thu, Dec 03, 2009 at 07:02:53PM +, Alexey Melnikov wrote:
> Hi Nico,
>
> Nicolas Williams wrote:
>
> >>13.3. Additional Recommendations
> >>
> >> If the application requires security layers then it MUST prefer the
> >> SASL "GSSAPI" mechanism over "GS2-KRB5" or "GS2-KRB5-PLUS".
> >>
> >>S
Hi Nico,
Nicolas Williams wrote:
13.3. Additional Recommendations
If the application requires security layers then it MUST prefer the
SASL "GSSAPI" mechanism over "GS2-KRB5" or "GS2-KRB5-PLUS".
Spencer (minor): If "prefer the mechanism" is the right way to describe
this, I apologize, but
Thanks for your review.
On Mon, Nov 30, 2009 at 03:19:04PM -0500, Spencer Dawkins wrote:
> 1. Introduction
>
> The GS1 bridge failed to gain wide deployment for any GSS-API
> mechanism other than The "Kerberos V5 GSS-API mechanism" [RFC1964]
>
> Spencer (nit): s/The "Kerberos/"The Kerberos/
I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
Please resolve these comments along with any other Last Call comments
you may receive.
Document: draft-ietf-sasl-