>>>>> "Jim" == Jim Schaad <[email protected]> writes:
Jim> I guess my question would be why would we want to look at the
Jim> 4121 token type registry for anything given that it should be
Jim> mechanism specific?
Well, the context level tokens are probably per-mechanism at least for
the most part. However, per-message tokens are going to be common
across all the 4121-like mechanisms (EAP, Kerberos, SCRAM, SAML ECP).
If there is some option added--say a DH exchange for PFS--there's a fair
chance it will apply to multiple mechanisms. If it does, it would be
nice to reuse code points.
If we're doing things like Kerberos fastreauth for EAP, then it becomes
even more possible to have overlaps. So, my rationale is that there's
no harm in using different token IDs for the different context tokens
and there's at least some chance of potential value in doing so. If you
would rather do something else to avoid confusion, etc., we can do that.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
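The point above is that per-message tokens share one wire format across the 4121-like mechanisms, so a single parser keyed on the 16-bit TOK_ID can serve all of them. The following is an added example, not code from this thread or from any abfab implementation: it decodes the MIC and Wrap token headers as laid out in RFC 4121 section 4.2.6 and refuses anything else, since context-level tokens are mechanism-specific. The sample token bytes are constructed by hand and the checksum and ciphertext fields are placeholder bytes, not real Kerberos output.

```python
"""Decode RFC 4121 per-message token headers (MIC and Wrap).

Added example for the abfab token-ID discussion; not code from the thread.
Field layouts and TOK_ID values follow RFC 4121 section 4.2.6. The sample
tokens at the bottom are constructed inputs with placeholder checksum and
payload bytes.
"""
import struct

# TOK_ID values from RFC 4121 section 4.2.6 (16-bit, big-endian on the wire).
TOK_ID_MIC = 0x0404
TOK_ID_WRAP = 0x0504

# Flags byte bits, RFC 4121 section 4.2.2.
FLAG_SENT_BY_ACCEPTOR = 0x01
FLAG_SEALED = 0x02
FLAG_ACCEPTOR_SUBKEY = 0x04


class TokenError(ValueError):
    """Raised for malformed tokens or TOK_IDs this parser does not own."""


def _decode_flags(flags):
    return {
        "sent_by_acceptor": bool(flags & FLAG_SENT_BY_ACCEPTOR),
        "sealed": bool(flags & FLAG_SEALED),
        "acceptor_subkey": bool(flags & FLAG_ACCEPTOR_SUBKEY),
    }


def is_per_message_token(token):
    """True if the first two bytes are a 4121 MIC or Wrap TOK_ID."""
    if len(token) < 2:
        return False
    return struct.unpack(">H", token[:2])[0] in (TOK_ID_MIC, TOK_ID_WRAP)


def parse_per_message_token(token):
    """Return a dict describing the header; raise TokenError otherwise.

    Only the two shared per-message TOK_IDs are handled. Context-establishment
    tokens are left to the mechanism-specific code that owns them.
    """
    if len(token) < 2:
        raise TokenError("token too short to carry a TOK_ID")
    tok_id = struct.unpack(">H", token[:2])[0]

    if tok_id == TOK_ID_MIC:
        # TOK_ID(2) Flags(1) Filler(7 x 0xFF) SND_SEQ(8) SGN_CKSUM(variable)
        if len(token) < 18:
            raise TokenError("MIC token header truncated")
        if token[3:10] != b"\xff" * 7:
            raise TokenError("MIC filler bytes must all be 0xFF")
        snd_seq = struct.unpack(">Q", token[10:18])[0]
        return {
            "type": "MIC",
            "flags": _decode_flags(token[2]),
            "snd_seq": snd_seq,
            "checksum": token[18:],
        }

    if tok_id == TOK_ID_WRAP:
        # TOK_ID(2) Flags(1) Filler(1 x 0xFF) EC(2) RRC(2) SND_SEQ(8) Data
        if len(token) < 16:
            raise TokenError("Wrap token header truncated")
        if token[3] != 0xFF:
            raise TokenError("Wrap filler byte must be 0xFF")
        ec, rrc, snd_seq = struct.unpack(">HHQ", token[4:16])
        return {
            "type": "Wrap",
            "flags": _decode_flags(token[2]),
            "ec": ec,
            "rrc": rrc,
            "snd_seq": snd_seq,
            "data": token[16:],
        }

    raise TokenError("TOK_ID 0x%04x is not a 4121 per-message token" % tok_id)


# Constructed sample tokens (placeholder checksum and payload bytes).
SAMPLE_MIC = (
    b"\x04\x04" + bytes([FLAG_SENT_BY_ACCEPTOR]) + b"\xff" * 7
    + struct.pack(">Q", 42) + b"\xab" * 12
)
SAMPLE_WRAP = (
    b"\x05\x04" + bytes([FLAG_SEALED | FLAG_ACCEPTOR_SUBKEY]) + b"\xff"
    + struct.pack(">HHQ", 0, 16, 7) + b"ciphertext"
)

if __name__ == "__main__":
    for sample in (SAMPLE_MIC, SAMPLE_WRAP):
        print(parse_per_message_token(sample))
```

Because the dispatcher only recognises the two shared TOK_IDs, any mechanism that adopts the 4121 per-message format gets this code for free, while a mechanism-specific context token (different TOK_ID, RFC 2743 framing) is rejected here and handed to the mechanism's own parser instead.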