Technical Summary
RPCSEC_GSS version 2 (RPCSEC_GSSv2) is the same as RPCSEC_GSS
version 1 (RPCSEC_GSSv1) except that support for channel
bindings has been added. The primary motivation for channel
bindings is to securely take advantage of hardware-assisted
encryption that might exist at lower levels of the networking
protocol stack, such as at the Internet Protocol (IP) layer
in the form of IPsec. The secondary motivation is that even
if lower levels are not any more efficient at encryption than
the RPCSEC_GSS layer, if encryption is occurring at the lower
level, encryption at the RPCSEC_GSS level can be redundant.
Working Group Summary
The working group development and review of this work was
straightforward. The motivation is well understood and
agreed upon, and no major issues were identified or impeded
progress during document review.
Document Quality
No implementations exist yet, but given that the author
and reviewers are knowledgeable about more than one
implementation of the current RPCSEC_GSS protocol, it is
believed that the quality of this work is to be considered
"high".
Personnel
Spencer Shepler (spencer.shepler@gmail.com) is the Document
Shepherd. Lars Eggert (lars.eggert@nokia.com) reviewed this
document for the IESG.