>>>>> "Nico" == Nico Williams <[email protected]> writes:
Nico> This is what had me nervous Sam, and I now agree that I
Nico> shouldn't look at GSS-EAP through the same prism when it comes
Nico> to two-level negotiation.
Nico> What I want is probably best left as cred options (and
Nico> possibly a req_flag, but I want to avoid adding req_flags
Nico> whenever we can, since that's a very limited namespace) for
Nico> expressing the app policies I mentioned above. Cred options
Nico> on the default credential can be had by acquiring a credential
Nico> for desired_name = GSS_C_NO_NAME and setting cred options on
Nico> that, which is how we'd avoid having to add req_flags.
I agree cred options are a fine way to get this sort of app policy. I
think we need not specify them now; they can be in a separate spec.
I'm personally dubious whether we'll need to standardize them. For me,
it would be worthwhile if someone were going to implement and someone
else indicated a desire to use the option in an application that was not
closely associated with the implementation.
If that happens I'm all for standardizing. If that doesn't happen and
there's a consensus to standardize anyway, I'm not against.
--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
