[AFS3-std] New Version Notification for draft-wilkinson-afs3-rxgk-06.txt (fwd)
Benjamin Kaduk
kaduk@MIT.EDU
Thu, 11 Jul 2013 17:32:18 -0400 (EDT)
On Thu, 11 Jul 2013, Simon Wilkinson wrote:
>
> On 11 Jul 2013, at 20:40, Benjamin Kaduk <kaduk@mit.edu> wrote:
>> In practice, this probably means that you can't call GSSNegotiate against one vlserver and then try to finish against a different vlserver.
>
> You definitely want to disallow this. In fact, you want to require that
> all of the GSSNegotiate calls for a given context occur on the same
> connection.
Okay.
>> My rough plan for implementing multi-round-trip mechanisms on the server-side was to cache partially-constructed GSS security contexts, with a cap on how many can be cached at once and an expiration timer on them. That would eliminate any need to either export/import the partially-constructed context or replay GSS tokens.
>
> With the OpenAFS RX stack, you can just use connection specific objects
> to store the partially built security contexts. These will then be
> disposed of when the connection is destroyed - you don't need to use the
> opaque objects at all, unless you want to support establishing multiple
> contexts simultaneously over the same connection.
Cool. That makes resource management much easier than with my proposal.
Thanks,
Ben
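The server-side handling of multi-round-trip GSSNegotiate discussed in this exchange (partial contexts tied to the connection that started them, a cap and an expiry timer, and refusal to finish a negotiation on a different connection), as an added Python model; this is not code from the rxgk draft or from OpenAFS, and the connection ids, context ids and the `b"FINAL"` completion token are constructed stand-ins for the real mechanism.

```python
import time

CONTINUE, DONE, WRONG_CONNECTION, TOO_MANY = "continue", "done", "wrong-connection", "too-many"


class GssNegotiateCache:
    """Server-side store for half-built GSS contexts, keyed by the connection that
    started them (constructed model, not OpenAFS or rxgk code).

    A negotiation may only be continued on the connection it started on, idle
    contexts expire after ttl_seconds, and max_entries caps how many half-built
    contexts the server holds at once."""

    def __init__(self, max_entries=8, ttl_seconds=30.0, clock=time.monotonic):
        self.max_entries, self.ttl, self.clock = max_entries, ttl_seconds, clock
        self._entries = {}  # context_id -> [owner_conn, tokens_seen, last_used]

    def _expire_idle(self):
        now = self.clock()
        for cid in [c for c, e in self._entries.items() if now - e[2] > self.ttl]:
            del self._entries[cid]

    def negotiate(self, conn_id, context_id, token):
        """One GSSNegotiate round trip; returns (status, tokens seen so far)."""
        self._expire_idle()
        entry = self._entries.get(context_id)
        if entry is None:
            if len(self._entries) >= self.max_entries:
                return TOO_MANY, []          # bound the memory a client can pin
            entry = [conn_id, [], self.clock()]
        elif entry[0] != conn_id:
            # Refuse to finish on a different connection than the one that started.
            return WRONG_CONNECTION, []
        entry[1].append(token)
        # Constructed stand-in for the mechanism: a b"FINAL" token completes the exchange.
        if token == b"FINAL":
            self._entries.pop(context_id, None)
            return DONE, list(entry[1])
        entry[2] = self.clock()
        self._entries[context_id] = entry
        return CONTINUE, list(entry[1])

    def connection_destroyed(self, conn_id):
        """The connection was torn down: drop every context it owned."""
        for cid in [c for c, e in self._entries.items() if e[0] == conn_id]:
            del self._entries[cid]

    def in_progress(self):
        return len(self._entries)
```

With connection-scoped objects as Simon describes, `connection_destroyed` is what the RX stack does for you; the cap and expiry remain useful against a client that opens a connection, starts a negotiation and never finishes it.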