[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: scram-sha-1-plus
From: |
Jeremy Harris |
Subject: |
Re: scram-sha-1-plus |
Date: |
Tue, 21 Jan 2020 10:57:06 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 |
On 20/01/2020 23:49, Simon Josefsson wrote:
> 3) Redesign gsasl somehow.
>
> It is late and I'm not sure there actually is a problem for non-threaded
> applications. Is there really any problem?
The application can hack it to work, so long as it only
has one session for its toplevel library context - but it is ugly.
And, as you note, multiple sessions are a problem.
To keep the current early check, I think you would have to split the
session startup into two calls, so the the application gets a session-
context before the time it needs to provide the channel-binding data.
Alternatively it should be possible to fail the flow later on, if it
is -PLUS but the binding prop has not been provided at the time
it is actually required. After all, other props are required
for the conversation (eg the authn) and the client application
is not required to provide them so early... On that view, the
library should permit the application to try to do the wrong
thing early on - only error-checking later.
--
Cheers,
Jeremy