gss-api negotiation termination (was Re: [AFS3-std] rxgk implementation
notes)
Benjamin Kaduk
kaduk@MIT.EDU
Thu, 28 Feb 2013 21:13:06 -0500 (EST)
On Thu, 28 Feb 2013, Benjamin Kaduk wrote:
> On Thu, 28 Feb 2013, Jeffrey Hutzelman wrote:
>
>> On Thu, 2013-02-28 at 17:05 -0500, Benjamin Kaduk wrote:
>>
>>> It's hard to get the logic right for when to terminate a GSS negotiation
>>> loop
>>
>> Yes; getting this right can be quite tricky. Someone should probably go
>> back and review the document to make sure we're correctly describing
>> what implementations should do and covering all the bases.
>
> We're not; we knew this a while ago, but I haven't gotten around to writing
> the new text yet.
It's also worth noting that the standard GSS-API negotiation loop does not
provide the major/minor status from gss_accept_sec_context() to the
initiator as we do. So maybe our case is more confusing than the standard
case, after all.
-Ben