[AFS3-std] Re: rxgk token expiry
Jeffrey Altman
jaltman@secure-endpoints.com
Mon, 05 Nov 2012 13:18:23 -0500
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig11AB29FFFF2530C360398E23
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 11/2/2012 4:30 PM, Benjamin Kaduk wrote:
> On Thu, 1 Nov 2012, Simon Wilkinson wrote:
>=20
>>
>> On 1 Nov 2012, at 03:42, Benjamin Kaduk wrote:
>>> I think we can only make a weak statement in this document, and
>>> proposed as such in my commit:
>>> <t hangText=3D"expiration">The time, expressed as an rxgkTime, =
at
>>> which
>>> - this token expires.</t>
>>> + this token expires. The expiration time MAY be set
>>> administratively
>>> + by the server, and SHOULD reflect the expiration time of the
>>> + underlying GSSAPI credential.</t>
>>>
>>> The server application has freedom to lower, or increase, the expiry
>>> time of the underlying credential, but should take that underlying
>>> credential into account as appropriate for the application.
>>
>> I'm happy with the intent behind this, although I wonder if the wordin=
g
>=20
> Okay. Does jaltman have objections to the intent behind it?
I am ok with the intent.
--------------enig11AB29FFFF2530C360398E23
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iQEcBAEBAgAGBQJQmALxAAoJENxm1CNJffh4pRIH/j9DBBJWdYw0AnUYAnC5HY53
BYoZQFwN2KFAhjiGs+saq6+8bhmvvfBi17W/wuRgPhZccuFfVclZdn88P8PFkOjw
A5Nn6s2KA5nyn+Z7dOyYjhLkTeEFTbNfkCGpNRIzWB4h3ezvW+dZFtFoFw12mV4/
OoEzxDny5mQJfGlFoQnop302ZKYp2lKhKQk76MekhSgDtdnBj4GwaEow4k6O6waB
Tqi/Z1SsOcnTugWdIpgwwKFDEgCeXvkbtOSS/7eSeT7B5ykQb+eHqODeFJNnYJA3
0ZP/2tYiKZbLf04rEm37nadefVCylIoAk6xBz0mrveiLBlCTl7EAqz0f4GyyZ3E=
=y9tl
-----END PGP SIGNATURE-----
--------------enig11AB29FFFF2530C360398E23--