Re: last call comments on the mapping documents

[Wes Hardaker <wjhns1@hardakers.net>]

>>>>> On Thu, 10 Mar 2005 11:57:15 +0100, Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de> said:

Juergen> My understanding is that common SASL usage in combination
Juergen> with TLS lacks a cryptographic binding of the authentication
Juergen> exchange with the underlying secure transport. Wes surely can
Juergen> explain that better than I can do. I am just wondering
Juergen> whether BEEP "suffers" from the same problem or not.

TLS/SASL alone do not contain the required cryptographic binding
needed to make the protocol secure.  Any protocol that wants to
use/allow-for that combination needs to do so itself.  I'm not sure
whether or not the BEEP document deals with this or not, and I'll have
to go look to find out.  I've put it on my todo list for next week.

-- 
"In the bathtub of history the truth is harder to hold than the soap,
 and much more difficult to find."  -- Terry Pratchett

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>