[AFS3-std] rxgk draft updates

Simon Wilkinson simon@sxw.org.uk
Wed, 2 Jan 2013 23:42:16 +0000


On 2 Jan 2013, at 22:28, Benjamin Kaduk wrote:

> In addition to the introduction of RXGK com_err codes, I also pushed a
> couple of commits from Mike Meffie.  The first one is a reordering of the
> discussion of auth-only, integrity protection, and encryption for packet
> handling, so as to match up with the order that the security levels are
> introduced in.  There's also some clarification of how packet handling
> works for RXGK_AUTH, along with explicit diagrams for the get_mic input
> blob and the on-the-wire data.  Thanks, Mike!

In f39602cbebebeb777f7e0fd1d4ac90ef4c3d3a6e Mike has "The
RXGK_CLIENT_MIC_PACKET key" and "The RXGK_SERVER_MIC_PACKET key". These
are not keys, they are key usage values, as noted in the original text.

Also, the second piece of artwork suggests that the MIC will be an exact
multiple of 4 bytes - I don't think we actually have any such guarantee
from the RFC3961 profiles, and the danger is that this suggests that the
payload will be word aligned within the packet.

Other than that, Mike's changes look fine to me.

> Going back through my emails, I don't have anything else sitting in my
> inbox with concerns about the CombineTokens language.  Simon, is it time
> for a new I-D?

I'd like to resolve what we're doing about errors (see the other email),
and fix the above before publishing a new I-D. Once they're done, I'd
agree that it's a good point to publish something.

Cheers,

Simon