[Ietf-krb-wg] CONSENSUS CALL: requesting partially-anonymous creds in GSS-API

Prior to this week's meeting, we had one remaining open issue on anonymous,
which was the question of whether to define a standard means for GSS-API
initiators to request the use of so-called "partially-anonymous"
credentials, in which the client realm is given but not the client
principal name (more precisely, the client principal name is given as
"WELLKNOWN/ANONYMOUS").

We discussed this issue at the meeting, and the sense of the room seemed to
be that we should _not_ standardize such an interface now, but instead
leave it up to implementations to define one if desired, as well as leaving
open the possibility of standardizing such an interface in the future.


I am now beginning a consensus call to validate that decision.  This call
will run until 23:59 EDT on Monday, Dec 1, 2008, which is slightly over a
week.  Please respond by then, or let me know if there is some reason you
need more time.

If the decision is validated, I will ask Larry to submit a "final" version
of the document reflecting this decision, and then I will start a WGLC on
the full document as soon as it appears in the I-D repository.

-- Jeff
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@...
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

--On Thursday, November 20, 2008 02:50:07 PM -0600 Jeffrey Hutzelman
<jhutz@...> wrote:

> I am now beginning a consensus call to validate that decision.  This call
> will run until 23:59 EDT on Monday, Dec 1, 2008, which is slightly over a
> week.  Please respond by then, or let me know if there is some reason you
> need more time.

Correction: since the US/Eastern time zone is in fact not observing
daylight savings time, the consensus call will end at 23:59 EST, not EDT.
US/Eastern is UTC-5, so the end time is 2008-12-02 0459Z.

-- Jeff
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@...
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

--On Thursday, November 20, 2008 02:50:07 PM -0600 Jeffrey Hutzelman
<jhutz@...> wrote:

I tried to review the comments sent in response to this consensus call, but
there weren't any.  When we had this discussion during the meeting, the
comments all seemed to be against defining a standardized interface.  There
was some discussion in the Jabber room about what such an interface might
look like if we defined one, but no one either in the physical meeting room
or in the jabber room made much of an argument in favor of doing so.  The
closest I saw were Nico's comment that we should include such an interface
if we have consensus on one (I don't think we do), and Martin's comment
that he'd like to see one, but couldn't really make a case for it.

Jeff Altman was unavailable for the meeting in Minneapolis, but previously
made an argument for defining such an interface.  However, from his last
message in that thread he appears to have decided that the issue he was
concerned about related more to the Kerberos interface for obtaining
initial tickets than to the GSS-API.  Jeff also made no comments in
response to this consensus call.


Lacking anyone making an argument for defining such an interface, or any
objections in response to this consensus call, I am finding that the
decision made during the Minneapolis meeting is confirmed.  Since the
current (-10) version of the document already reflects this, no further
update is needed and I am declaring this issue resolved.

-- Jeff
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@...
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg