Re: [openssl-dev] [openssl-users] Kerberos

2015-05-14 Thread Jeffrey Altman
On 5/13/2015 10:19 AM, Matt Caswell wrote: On 08/05/15 09:40, Matt Caswell wrote: On 08/05/15 02:28, Jeffrey Altman wrote: Regardless, the inability to improve the support in this area has left those organizations that rely upon 2712 with the choice of using insecure protocols or

Re: [openssl-dev] [openssl-users] Kerberos

2015-05-13 Thread Matt Caswell
On 08/05/15 09:40, Matt Caswell wrote: On 08/05/15 02:28, Jeffrey Altman wrote: Regardless, the inability to improve the support in this area has left those organizations that rely upon 2712 with the choice of using insecure protocols or re-implement the applications. I do not

Re: [openssl-dev] [openssl-users] Kerberos

2015-05-08 Thread Matt Caswell
On 08/05/15 02:28, Jeffrey Altman wrote: Regardless, the inability to improve the support in this area has left those organizations that rely upon 2712 with the choice of using insecure protocols or re-implement the applications. I do not believe that any sane OS or application vendor

Re: [openssl-dev] [openssl-users] Kerberos

2015-05-08 Thread Nathaniel McCallum
On Thu, 2015-05-07 at 21:28 -0400, Jeffrey Altman wrote: On 5/7/2015 8:40 PM, Viktor Dukhovni wrote: On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote: There have been some conversations behind Red Hat doors about improving the state of Kerberos/TLS in both standards

Re: [openssl-dev] [openssl-users] Kerberos

2015-05-08 Thread Jeffrey Altman
On 5/8/2015 5:17 PM, Nathaniel McCallum wrote: I agree that the current situation is not sustainable. I was only hoping to start a conversation about how to improve the situation. For instance, there is this: http://tls-kdh.arpa2.net/ I don't see any reason this couldn't be expanded to do

Re: [openssl-dev] [openssl-users] Kerberos

2015-05-08 Thread Nico Williams
On Fri, May 08, 2015 at 05:17:29PM -0400, Nathaniel McCallum wrote: I agree that the current situation is not sustainable. I was only hoping to start a conversation about how to improve the situation. RFC2712 uses Authenticator, which is an ASN.1 type quite clearly NOT intended for use outside

Re: [openssl-dev] [openssl-users] Kerberos

2015-05-08 Thread Nico Williams
I should have mentioned NPN and ALPN too. A TLS application could use ALPN to negotiate the use of a variant of the real application protocol, with the variant starting with a channel-bound GSS context token exchange. The ALPN approach can optimize the GSS mechanism negotiation, at the price of

Re: [openssl-dev] [openssl-users] Kerberos

2015-05-07 Thread Viktor Dukhovni
On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote: There have been some conversations behind Red Hat doors about improving the state of Kerberos/TLS in both standards and implementations. Could we maybe have a broader conversation about how to fix this situation? To be

Re: [openssl-dev] [openssl-users] Kerberos

2015-05-07 Thread Jeffrey Altman
On 5/7/2015 8:40 PM, Viktor Dukhovni wrote: On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote: There have been some conversations behind Red Hat doors about improving the state of Kerberos/TLS in both standards and implementations. Could we maybe have a broader conversation