Alexey Melnikov <alexey(_dot_)melnikov(_at_)isode(_dot_)com> writes:
The I-D says:
The original GSS-API->SASL mechanism bridge was specified by [RFC2222],
now [RFC4752]; we shall sometimes refer to the original bridge as GS1
in this document.
I don't see anything wrong with that.
Very well. I forgot about that.
There's good reason, even, to want to use "GS1" to refer to RFC4572:
RFC2222/4572's use of "GSSAPI" to refer to the "Kerberos V5 GSS-API
mechanism" is wrong and confusing. Avoiding confusion is a good thing.
Personally I dislike unnecessary indirection, as it allows for extra
confusion as well. There is only 1 mechanism in GS1 family (ignoring
GSS-SPNEGO), it is called "GSSAPI". So I think the original text is
actually better, if we add a reference and change "prefer" to "use":
If the application requires SASL security layers then it MUST use the
SASL "GSSAPI" mechanism [RFC4572] instead of "GS2-KRB5" or "GS2-KRB5-PLUS".
Opinions?
I used this text too.
/Simon