On Fri, Dec 9, 2011 at 1:34 PM, Jim Schaad <[email protected]> wrote: > I am not saying that we need to say what the transport is, but if you have a > neophyte looking at the document and trying to figure out what is happening > they are going to start assuming that GSS-API apparently has a transport as > part of it. As we know this is incorrect.
It's not incorrect though: GSS per-message tokens do in fact form a secure channel/transport. That's often (but not always) not as convenient as TLS, and for some mechanisms (e.g., ones based on bearer tokens), not secure. > Additionally we may want to specify that the transport has some properties - > such as channel binding - that may or may not be of interest. What are the > issues of using a non-secure vs a secure transport and so forth. Sure. I don't mind some text to this effect in the architecture document, but it feels a lot like an update to RFC2743. Nico -- _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
