Alexey Melnikov <alexey.melnikov@xxxxxxxxx> writes: >>The I-D says: >> >> The original >> GSS-API->SASL mechanism bridge was specified by [RFC2222], now >> [RFC4752]; we shall sometimes refer to the original bridge as GS1 in >> this document. >> >>I don't see anything wrong with that. >> > Very well. I forgot about that. > >>There's good reason, even, to want to use "GS1" to refer to RFC4572: >>RFC2222/4572's use of "GSSAPI" to refer to the "Kerberos V5 GSS-API >>mechanism" is wrong and confusing. Avoiding confusion is a good thing. >> >> > Personally I dislike unnecessary indirection, as it allows for extra > confusion as well. There is only 1 mechanism in GS1 family (ignoring > GSS-SPNEGO), it is called "GSSAPI". So I think the original text is > actually better, if we add a reference and change "prefer" to "use": > > If the application requires SASL security layers then it MUST use the > SASL "GSSAPI" mechanism [RFC4572] instead of "GS2-KRB5" or "GS2-KRB5-PLUS". > > Opinions? I used this text too. /Simon _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf