31 May 2012 09:07
Re: I-D Action: draft-ietf-kitten-sasl-oauth-01.txt
Simon Josefsson <simon <at> josefsson.org>
2012-05-31 07:07:45 GMT
This version looks much better to me -- thanks!

As we discovered for RFC 6595, you may want to expand the TLS certificate verification text with some RFC 6125 wording. See the fifth paragraph of section 4 of RFC 6595. It should also explain which identity string is compared to what's in the certificate.

Also, it seems this variant supports the PLUS channel-binding enabled variant (I have not read the draft in detail there, but it is mentioned), so shouldn't it then also be able to support per-message tokens and GSS_Pseudo_random? This could be done similarly to SAML20EC (which is work in progress, but the mechanism it eventually uses could be the same).

/Simon
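The post asks the draft to say, in RFC 6125 terms, which identity string a client compares against the certificate. The following is an added worked example of that comparison; it is not code from the draft, from RFC 6595, from SAML20EC or from the poster. The function names (`dns_id_matches`, `verify_server_identity`) and the certificate identifiers fed to them are my own assumptions, constructed for the demo rather than parsed from a real X.509 certificate. It implements the RFC 6125 rules a SASL client would apply: the reference identifier is the host name the client was configured with (not something learned from DNS), the comparison is case-insensitive, wildcards are honoured only in the left-most label and never across a dot or inside an A-label, and the subject CN is consulted only when the certificate presents no dNSName at all.

```python
"""Reference-identifier matching in the style of RFC 6125.

Added example; not text or code from draft-ietf-kitten-sasl-oauth,
RFC 6595 or the mailing-list post. Presented identifiers are plain
Python strings constructed for the demo, not parsed from a real
X.509 certificate.
"""


def _wildcard_label_matches(pattern: str, label: str) -> bool:
    """Match one left-most label holding exactly one '*' (RFC 6125 6.4.3, rule 3).

    The wildcard may be the whole label ("*") or part of it ("baz*"). The RFC
    says clients SHOULD NOT match a wildcard embedded in an A-label (xn--...)
    or a U-label (non-ASCII), so those patterns are rejected outright.
    """
    if pattern.count("*") != 1:
        return False
    if pattern.startswith("xn--") or not pattern.isascii():
        return False
    prefix, suffix = pattern.split("*")
    return (len(label) >= len(prefix) + len(suffix)
            and label.startswith(prefix)
            and label.endswith(suffix))


def dns_id_matches(reference: str, presented: str) -> bool:
    """Compare the reference identifier with one presented DNS-ID.

    Labels are compared case-insensitively as ASCII (RFC 6125 6.4.1);
    the wildcard handling follows section 6.4.3.
    """
    ref_labels = reference.lower().rstrip(".").split(".")
    pres_labels = presented.lower().rstrip(".").split(".")
    if "*" not in presented:
        return ref_labels == pres_labels
    # Rule 1: a wildcard anywhere but the left-most label is never matched.
    if any("*" in lbl for lbl in pres_labels[1:]):
        return False
    # Rule 2: a wildcard never spans a '.', so the label counts must agree
    # ("*.example.com" matches foo.example.com, not bar.foo.example.com).
    if len(ref_labels) != len(pres_labels):
        return False
    if not _wildcard_label_matches(pres_labels[0], ref_labels[0]):
        return False
    return ref_labels[1:] == pres_labels[1:]


def verify_server_identity(reference, san_dns_ids, subject_cn=None):
    """Decide whether a certificate was issued for `reference` (RFC 6125 6.4.4).

    `reference`   host name the client was configured with or the user typed,
                  never a name obtained from DNS resolution (e.g. a CNAME target)
    `san_dns_ids` dNSName entries of subjectAltName (the DNS-IDs)
    `subject_cn`  CN of the subject, used as CN-ID only as a fallback when the
                  certificate presents no DNS-ID at all
    """
    if san_dns_ids:
        return any(dns_id_matches(reference, p) for p in san_dns_ids)
    if subject_cn is not None:
        return dns_id_matches(reference, subject_cn)
    return False


if __name__ == "__main__":
    # Constructed certificate contents for the demo.
    san = ["mail.example.org", "*.imap.example.org"]
    for host in ("mail.example.org", "node1.imap.example.org",
                 "a.b.imap.example.org", "imap.example.org"):
        print(host, verify_server_identity(host, san, subject_cn="ignored.example.org"))
```

RFC 6125 itself sets no minimum number of labels for a wildcard name, so `"*"` alone would match a single-label reference here; many deployed validators add a stricter check of their own, and a SASL mechanism specification should say explicitly whether it expects that.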