
Re: [Jessie-discuss] TLS Delegation


From: andrew cooke (noao)
Subject: Re: [Jessie-discuss] TLS Delegation
Date: Sun, 24 Jul 2005 09:16:03 -0400 (CLT)
User-agent: SquirrelMail/1.4.2

hi,

thanks for the reply - you confirmed what i suspected (that this isn't
common).

just fyi, looking at the global grid forum's software (ggf being the
academic grid people, as far as i can see) they seem to be using a java
package called puretls, which might do this.  so i'm going to have a look
at it today.

to be honest, i doubt that we could commit to using anything that doesn't
already exist (i'm supposed to have something ready for demonstration in
january and we're still designing the security), but i guess it would be
useful to keep it in mind as a possible future extension (if i understand
correctly it's an obscure but very useful little trick for distributed
security - lets the code on the server use transport layer security in the
name of the client - but it's quite possible that the future is message
layer security for this kind of thing).  the pluggable handler idea sounds
like a decent solution (although i don't know much about all this).

cheers + thanks again for the reply,
andrew


Casey Marshall said:
> On Jul 23, 2005, at 12:15 PM, andrew cooke (noao) wrote:
>
>> Hi,
>>
>> Does jessie have support for "TLS Delegation" as described in
>> draft-ietf-tls-delegation-01.txt (eg
>> http://www.ietf.org/proceedings/02mar/I-D/draft-ietf-tls-delegation-01.txt)
>>
>
> I'm afraid not; this is actually the first I've heard of that or seen
> the Internet-Draft.
>
>> This allows the creation of a proxy cert on the server, signed by
>> the client.
>>
>> If not, does any other JSSE implementation do so?
>
> I don't know of any, but I would doubt that any would, if this is a
> somewhat obscure feature, that was never finalized as an RFC.
>
>> This is used in grid
>> computing, typically, where a user transfers authority to a service
>> working on their behalf.
>>
>
> It sounds interesting!
>
> Perhaps — and this is something I've thought of just now — the best
> way to implement something like this (and, any other TLS extensions
> that add a new content type) would be to allow pluggable content-type
> handlers, where you can register a handler for a given content-type,
> and Jessie would delegate to that code when such a message was received.
>
> I'm in the middle of reworking Jessie, mostly to support nonblocking
> I/O, but I'll consider doing something like this.
>
>
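A sketch of the pluggable content-type handler idea Casey describes above, as an added Python example that is neither Jessie's code nor part of this thread: a record-layer dispatcher parses the TLS 1.0 record header and routes each fragment to whatever handler was registered for its content type, refusing unregistered types instead of dropping them. The delegation content-type value, the handler signature and the function names are assumptions, since the draft's actual message format is not on the page.

```python
import struct
from typing import Callable, Dict

# Record-layer content types defined by TLS 1.0 (RFC 2246).
HANDSHAKE, APPLICATION_DATA = 22, 23
# Constructed placeholder: whatever content type the delegation draft would
# use is not given on the page, so an unassigned value stands in for it.
DELEGATION_PLACEHOLDER = 99
RECORD_HEADER_LEN = 5            # type(1) version(2) length(2)
MAX_FRAGMENT_LEN = 2**14 + 2048  # TLS 1.0 ceiling for a compressed fragment

class RecordDispatcher:
    """Hands each record fragment to the handler registered for its content type.
    Unregistered types are rejected, so an extension only takes effect once plugged in."""

    def __init__(self) -> None:
        self._handlers: Dict[int, Callable[[bytes], str]] = {}

    def register(self, content_type: int, handler: Callable[[bytes], str]) -> None:
        if content_type in self._handlers:
            raise ValueError(f"handler already registered for type {content_type}")
        self._handlers[content_type] = handler

    def dispatch(self, record: bytes) -> str:
        if len(record) < RECORD_HEADER_LEN:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", record[:RECORD_HEADER_LEN])
        if (major, minor) != (3, 1):
            raise ValueError(f"unsupported protocol version {major}.{minor}")
        if length > MAX_FRAGMENT_LEN:
            raise ValueError("record length exceeds maximum")
        fragment = record[RECORD_HEADER_LEN:RECORD_HEADER_LEN + length]
        if len(fragment) != length:
            raise ValueError("truncated record fragment")
        handler = self._handlers.get(ctype)
        if handler is None:
            raise ValueError(f"no handler registered for content type {ctype}")
        return handler(fragment)

def build_record(content_type: int, fragment: bytes) -> bytes:
    """Builds a TLS 1.0 record (5-byte header + fragment) as constructed input."""
    return struct.pack("!BBBH", content_type, 3, 1, len(fragment)) + fragment

def make_dispatcher() -> RecordDispatcher:
    """Registers a core handler plus the hypothetical delegation handler."""
    d = RecordDispatcher()
    d.register(APPLICATION_DATA, lambda f: f"app:{len(f)}")
    d.register(DELEGATION_PLACEHOLDER, lambda f: f"delegation:{f.hex()}")
    return d
```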