On 2018-02-08 21:08, Benjamin Kaduk wrote:
On Thu, Feb 08, 2018 at 12:44:39PM +0000, Hannes Tschofenig wrote:
I believe there are new data points on this topic since the time
the requirements & use case draft was published. A lot of use cases
were written down and not all of them are still being considered by
the folks in the working group. Time has passed and we haven’t seen
the same amount of interest in the Client Token even among the
authors as with the other functionality. Furthermore, we have also
received a review from Mike where he restated what I said earlier
about the Client Token. Then, there was the recent IPR disclosure.
If you believe we need to cover the Client Token functionality
because you need it then you that’s Ok. But so far I don’t think I
hear you say that.
Right, this seems to be the key point. If there's not any running
code and not going to be any, it's pretty likely that the spec (for
this portion) will not actually be usable.
Note that there is running code for client token, if you look here:
Also note that I'm not saying we shouldn't move this to a separate
draft, but let's keep our facts straight. I'm really curious to see
Hannes' paper once he can release it.
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51
Ace mailing list