Re: Gen-ART review of draft-ietf-sasl-gs2-18

From: Alexey Melnikov
Date: Thu, 03 Dec 2009 19:02:53 +0000

Hi Nico,

Nicolas Williams wrote:

13.3.  Additional Recommendations

 If the application requires security layers then it MUST prefer the
 SASL "GSSAPI" mechanism over "GS2-KRB5" or "GS2-KRB5-PLUS".

Spencer (minor): If "prefer the mechanism" is the right way to describe this, I apologize, but I don't know what the MUST means in practice - if this needs to be at MUST strength, I'd expect text like "MUST use X and MUST NOT use Y or Z", or "MUST use X unless the server doesn't support X".

Agreed, we should express a MUST NOT instead of a MUST:

  If a SASL application requires security layers then it MUST NOT use
  GS2 mechanisms.  Such an application SHOULD use a SASL mechanism that
  does provide security layers, such as GS1 mechanisms.

There is no such thing as GS1; it should be GSSAPI. Otherwise the new text is OK.
