• 19 February 1996 – Eric Baize and Denis Pinkas publish the
Internet Draft Simple GSS-API Negotiation Mechanism (draft-ietf-cat-snego-01.txt). • 17 October 1996 – The mechanism is assigned the
object identifier 1.3.6.1.5.5.2 and is abbreviated
snego. • 25 March 1997 – Optimistic piggybacking of one mechanism's initial token is added. This saves a round trip. • 22 April 1997 – The "preferred" mechanism concept is introduced. The draft standard's name is changed from just "Simple" to "Simple and Protected" (
spnego). • 16 May 1997 – Context flags are added (
delegation, mutual
auth, etc.). Defenses are provided against attacks on the new "preferred" mechanism. • 22 July 1997 – More context flags are added (
integrity and
confidentiality). • 18 November 1998 – The rules of selecting the common mechanism are relaxed. Mechanism preference is integrated into the mechanism list. • 4 March 1998 – An optimisation is made for an odd number of exchanges. The mechanism list itself is made optional. • December 1998 (
Final) –
DER encoding is chosen to disambiguate how the
MIC is calculated. The draft is submitted for standardisation as RFC 2478. • October 2005 – Interoperability with Microsoft implementations is addressed. Some constraints are improved and clarified and defects corrected. Published as RFC 4178, although it is now non-interoperable with strict implementations of now-obsoleted RFC 2478. ==Notes==