#27: Section 3.1
Changes (by hannes.tschofenig@…):
* cc: hannes.tschofenig@… (added)
Comment:
I changed the title of the section but I am currently not able to address
your second comment regarding the correctness and completeness of bullets 1
and 2 of the following text:
"
RFC 2743 does not explicitly talk about what mutual authentication
means. Within the GSS-API community successful mutual authentication
has come to mean:
o If a target name is supplied by the initiator, then the initiator
trusts that the supplied target name describes the acceptor. This
implies both that appropriate cryptographic exchanges took place
for the initiator to make such a trust decision, and that after
evaluating the results of these exchanges, the initiator's policy
trusts that the target name is accurate.
o The initiator trusts that its idea of the acceptor name correctly
names the entity it is communicating with.
o Both the initiator and acceptor have the same key material for
per-message keys and both parties have confirmed they actually
have the key material. In EAP terms, there is a protected
indication of success.
"
A problem with the text above is that it uses the fuzzy term "trust". I
would at least expect to have an indication "<who> trusts <whom> to do
<what>".
I prefer to have the issue assigned to someone who is very familiar with
the GSS-API and to re-work the text.
--
--------------------+--------------------------------------
Reporter: ietf@… | Owner: draft-ietf-abfab-arch@…
Type: defect | Status: new
Priority: major | Milestone:
Component: arch | Version:
Severity: - | Resolution:
Keywords: |
--------------------+--------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/abfab/trac/ticket/27#comment:1>
abfab <http://tools.ietf.org/abfab/>
_______________________________________________
abfab mailing list
https://www.ietf.org/mailman/listinfo/abfab