NFSv4 IETF 67 BOF: Fwd: [SPKM] DTLS and GSS-API

William A. (Andy) Adamson andros at citi.umich.edu
Tue Oct 31 12:34:57 EST 2006


FYI - NFSv4 PKI BOF at IETF 67 on Monday morning. It would be really good if
we had a high percentage of NFSv4 IETF attendees expressing their opinion on
this issue.

-->Andy

---------- Forwarded message ----------
From: Sam Hartman <hartmans-ietf at mit.edu>
Date: Oct 31, 2006 12:08 PM
Subject: [SPKM] DTLS and GSS-API
To: tls at ietf.org, spkm at ietf.org



Monday morning at IETF 67 there is a really important BOF: SPKM.

The purpose of this BOF is to decide how we will get a standards track
solution for NFSv4 to use PKI credentials.  Two modes are important: a
mode where both parties have credentials and a mode where the server
has a certificate and the client has a password.

The current proposal is based off draft-adamson-rfc2847-01.txt.
Several reviewers including Eric Rescorla and myself have expressed
concerns about this draft.


An alternate proposal for solving this problem was discussed in the
past: construct a GSS-API mechanism based on DTLS.  Advantages of this
solution include reuse of code and specification between GSS-API and
TLS implementations.  When new ciphers are specified for TLS they
would be available for NFS.  We would not need to keep updating a GSS
mechanism as public-key algorithms evolve and problems are found.

There are two main drawbacks I've heard to the DTLS proposal.  First,
we don't have a draft.  Second, it would not be interoperable with
SPKM-3 deployments.

I hope the BOF will answer the question of how much we care about
SPKM-3 deployments.


I only want to see one standards track solution in this space.
Currently, there does not seem to be enough interest in the DTLS
proposal for it to be a viable alternative.  I would like to encourage
the TLS community to take a look at draft-adamson-rfc2847-01 and to
consider how a DTLS approach would work and think about whether
advocating for such an approach would be a good idea.  If so, someone
at least needs to be prepared to give a brief presentation by next
Monday on such a proposal.

The BOF chair wanted to hear about anyone giving an alternative
presentation by Wednesday of this week.  I'm hoping he will be a bit
flexible as I was supposed to write this message last Friday.


Thanks for your consideration,

--Sam
