[kitten] I-D Action: draft-ietf-kitten-channel-bound-flag-04.txt



A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Common Authentication Technology Next Generation WG of the IETF.

        Title           : Channel Binding Signalling for the Generic Security Services Application Programming Interface
        Authors         : Robbie Harwood
                          Nicolas Williams
        Filename        : draft-ietf-kitten-channel-bound-flag-04.txt
        Pages           : 9
        Date            : 2019-02-05

   Channel binding is a technique that allows applications to use a
   secure channel at a lower layer without having to use authentication
   at that lower layer.  The concept of channel binding comes from the
   Generic Security Services Application Programming Interface (GSS-
   API).  It turns out that the semantics commonly implemented are
   different than those specified in the base GSS-API RFC (RFC2743), and
   that that specification has a serious bug.  This document addresses
   both the inconsistency as-implemented and the specification bug.

   This Internet-Draft proposes the addition of a "channel bound" return
   flag for the GSS_Init_sec_context() and GSS_Accept_sec_context()
   functions.  Two behaviors are specified: a default, safe behavior
   reflecting existing implementation deployments, and a behavior that
   is only safe when the application specifically tells the GSS-API that
   it (the application) supports the new behavior.  Additional API
   elements related to this are also added, including a new security
   context establishment API.

The IETF datatracker status page for this draft is:

There are also htmlized versions available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:

Kitten mailing list