After reading Luke's mail and Ken's mail my preference is to change the draft to do what the Moonshot code does. In particular I propose that the channel binding code is critical but not required. It MUST be sent when non-empty application channel bindings are passed in and MUST NOT be sent when empty application channel bindings are passed into gss_init_sec_context.
I'd appreciate someone besides me analyzing the protocol and confirming that doing this is secure. I think that leaves Luke, Ken and me preferring a change and no other opinions expressed so far. I'm holding we can fold a decision on this into a last call.

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab

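The "critical but not required" rule proposed above, written out as a small model so its two halves can be checked side by side. This is an added illustration, not the Moonshot code or the draft's own text; the attribute record, the flag names (CRITICAL, REQUIRED) and the acceptor's handling of an absent attribute are assumptions made for the example: "critical" is modelled as "the receiver must process this attribute or reject", and "not required" as "the receiver may continue when the attribute is absent".

```python
import hmac
from dataclasses import dataclass

# Assumed flag semantics for this model (not the draft's wire encoding).
CRITICAL = 0x1   # receiver that does not understand the attribute must reject
REQUIRED = 0x2   # receiver must reject if the attribute is absent; NOT set here


@dataclass(frozen=True)
class Attribute:
    name: str
    flags: int
    value: bytes


def initiator_attributes(app_channel_bindings: bytes) -> list[Attribute]:
    """Initiator side of the proposal: emit the channel-binding attribute only
    when the application passed non-empty bindings to gss_init_sec_context,
    and when emitting it mark it critical but not required."""
    if not app_channel_bindings:
        return []
    return [Attribute("channel-binding", CRITICAL, app_channel_bindings)]


def acceptor_check(attrs: list[Attribute], acceptor_channel_bindings: bytes,
                   understood=frozenset({"channel-binding"})) -> tuple[bool, str]:
    """Acceptor side of the model. Returns (accepted, reason).

    - An unknown attribute flagged CRITICAL is fatal.
    - A present channel-binding attribute must match the acceptor's own
      bindings (constant-time compare).
    - Because the attribute is not REQUIRED, its absence is tolerated.
    """
    cb_seen = False
    for attr in attrs:
        if attr.name not in understood:
            if attr.flags & CRITICAL:
                return False, f"unknown critical attribute {attr.name!r}"
            continue  # non-critical unknown attributes are ignored
        if attr.name == "channel-binding":
            cb_seen = True
            if not hmac.compare_digest(attr.value, acceptor_channel_bindings):
                return False, "channel binding mismatch"
    if not cb_seen:
        return True, "accepted without channel binding (attribute not required)"
    return True, "accepted with matching channel binding"


if __name__ == "__main__":
    # Constructed sample bindings; real ones would come from the application.
    app_cb = b"tls-unique:0123456789abcdef"
    print(initiator_attributes(b""))                     # []
    print(acceptor_check(initiator_attributes(app_cb), app_cb))
    print(acceptor_check(initiator_attributes(app_cb), b"tls-unique:other"))
    print(acceptor_check([], app_cb))
```

The last call in the `__main__` block is the case the message asks reviewers to look at: because the attribute is not required, an acceptor that holds bindings still accepts an exchange in which none arrived, so the guarantee rests entirely on the attribute being integrity-protected whenever it is present.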