Explore the multiple use cases of FXA-TLS, a method to enhance security for both standard and non-standard protocols using TLS. Discover practical issues and limitations faced in different categories of protocols.
Use Cases for FXA-TLS
Larry Zhu, Leif Johansson
IETF69
Category 1: Standard protocols
• Two variants for all protocols
• LDAP
• SMTP
• etc.
• http://www.secure-endpoints.com/tls-gss/draft-santesson-tls-gssapi-03.txt appendix B
• Using SASL is less desirable
• Future use cases: fewer code branches to test and better security
Category 2: Non-standard protocols
• Use TLS to add a security layer
• No SASL variants for these protocols
• Practical issues: firewalls and NAT traversal
Category 3: RFC4559
• Only supports single-round-trip GSS-API mechanisms
• Lacks channel bindings to the underlying TLS connection, which makes it unsuitable for deployment in situations where proxies exist
• Lacks session-based re-authentication