Hi Nico,

Nicolas Williams wrote:

13.3. Additional Recommendations

    If the application requires security layers then it MUST prefer the
    SASL "GSSAPI" mechanism over "GS2-KRB5" or "GS2-KRB5-PLUS".

Spencer (minor): If "prefer the mechanism" is the right way to describe
this, I apologize, but I don't know what the MUST means in practice - if
this needs to be at MUST strength, I'd expect text like "MUST use X and
MUST NOT use Y or Z", or "MUST use X unless the server doesn't support X".

Agreed, we should express a MUST NOT instead of a MUST:

    If a SASL application requires security layers then it MUST NOT use
    GS2 mechanisms. Such an application SHOULD use a SASL mechanism that
    does provide security layers, such as GS1 mechanisms.

There is no such thing as GS1, it should be GSSAPI. Otherwise the new
text is Ok.