-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/18/2011 03:02 PM, Luke Howard wrote:
> Right you are.
>
> On 18/08/2011, at 12:49 PM, Sam Hartman wrote:
>
>>>>>>> "Luke" == Luke Howard <[email protected]> writes:
>>
>>>>> GSS naming extensions does not really support this; I'd say the
>>>>> behavior should be undefined until GSS has a story for this.
>>>>
>>>> So I would expect that current GSS behavior would be to say
>>>> randomly return one of them rather than fail. An issue to
>>>> potentially raise on kitten.
>>
>> Luke> GSS naming extensions does support multiple valued attributes.
>>
>> I don't think it's reasonable to use that support if different values
>> come from different issuers.
+1 that actually sounds like something that should go into a security
considerations text somewhere.
Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5NETMACgkQ8Jx8FtbMZndjaQCgl/SSTfkWYx04lsI9yyBKffie
32sAn0s9ve4DUn8wM9IyfP2hj8GmBhF6
=7CqP
-----END PGP SIGNATURE-----
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
