[AFS3-std] Re: New Version Notification for draft-wilkinson-afs3-rxgk-03.txt (fwd)

Benjamin Kaduk kaduk@MIT.EDU
Tue, 19 Mar 2013 15:56:02 -0400 (EDT)


On Mon, 18 Mar 2013, Benjamin Kaduk wrote:

> This I-D is based off git revision 871c7cadb9377994781a496fb6a10e261d473501

Of course, once I push the new draft I notice a bunch of typos and the 
like.  (Fixes on github, log below.)

-Ben


git log -p --reverse  850573c..c358f85
commit c8e3519b1c68006bb9ec2a0daf87e886c80d2e72
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 14:35:46 2013 -0400

     The rxgk security class doesn't really use GSSAPI

     Fix the abstract to reflect the reality of the negotiation service.

     Change-Id: Ibf88ed1d231bc9f6af77364026ee16c9bc650c42

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 6b14594..6026103 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -30,8 +30,10 @@

    <abstract>
      <t>rxgk is a security class for the RX RPC protocol. It uses the GSSAPI
-       framework to provide authentication, confidentiality and integrity
-       protection. This document provides a general description of rxgk. A
+       framework to provide an authentication service that provides
+       authentication, confidentiality and integrity protection for the
+       rxgk security class.
+       This document provides a general description of rxgk. A
         further document will provide details of integration with specific
         RX applications. </t>
    </abstract>
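Review bot: the new abstract sentence doubles "provide" ("uses the GSSAPI framework to provide an authentication service that provides authentication, ...") and its subject "It" still says the security class itself uses GSSAPI, which is exactly what the commit message says is not the case. Suggest splitting the two roles, e.g. "rxgk is a security class for the RX RPC protocol. An accompanying negotiation service uses the GSSAPI framework to establish the keys with which the rxgk security class provides authentication, confidentiality and integrity protection."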

commit 54336990768e11f2f3851b9458c010afa77c0cc6
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 14:39:58 2013 -0400

     We want confidentiality and mutual auth from the GSS mech

     Mention that as well as PRF when qualifying the usable GSS mechs.

     Change-Id: I6c5fa36b03426f60e8be48cd2a2fe2dd6c6e6963

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 6026103..cc3674c 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -46,6 +46,7 @@
       authentication, confidentiality and integrity protection for
       rx RPC calls,
       using a security context established using any GSSAPI mechanism with 
+     confidentiality, mutual authentication, and
       <xref target="RFC4401">PRF</xref> support. The External Data
       Representation Standardard,
       <xref target="RFC4506">XDR</xref>, is used to represent data structures
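Review bot: the added qualifier lists confidentiality, mutual authentication and PRF support but not integrity, even though the negotiation loop later in this series (commit 8c8d710) has the client set integ_req_flag as well; suggest "with confidentiality, integrity, mutual authentication, and PRF support". The following context line also has "Standardard" for "Standard".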

commit 59a7f8c733ad4f7265fdf09cfa7d8702d1d51faf
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 14:43:08 2013 -0400

     RXGK_LEVEL_CLEAR is not always higher throughput

     If we're limited by the server's backing store, extra per-packet
     overhead does not affect throughput.

     Change-Id: I2710c335dd87055cb825fb290a91b14f4753fe21

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index cc3674c..889c697 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -127,7 +127,7 @@ const RXGK_SERVER_ENC_TOKEN		= 1036;
       <list style="hanging" hangIndent="6">
         <t hangText="Authentication only"> (0) Provides only connection
  	 authentication, without either integrity or confidentiality 
-	 protection. This mode of operation provides higher throughput, but
+	 protection. This mode of operation can provide higher throughput, but
  	 is vulnerable to man in the middle attacks. This corresponds
   	 to the traditional 'clear' security level.</t>
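Review bot: "can provide higher throughput" now hedges without saying why, so the reader has no basis for judging when the unprotected level is worth its exposure. Suggest carrying the reason from the commit message into the text, e.g. "This mode of operation avoids per-packet cryptographic overhead and can provide higher throughput where that overhead is the bottleneck, but ...". It would also help to spell out that "vulnerable to man in the middle attacks" means any on-path party can read and alter the payload undetected, since neither integrity nor confidentiality protection is applied.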
         <t hangText="Integrity"> (1) Provides integrity protection only.

commit 68a2203d069b27c4d31fb6e24acc2900c91a15ce
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 14:48:52 2013 -0400

     Entity fix

     The escape character is &, not %.

     Change-Id: I9919c17134692cbba90d4c9df83c174921565a7f

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 889c697..9ca3778 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -197,7 +197,7 @@ enum RXGK_Level {
         application-specific knowledge, when using rxgk over a port number
         registered with IANA, the registered service name SHOULD be used to
         construct the target principal name as
-       &lt;service name&gt;@%lt;hostname%gt; using the name type
+       &lt;service name&gt;@&lt;hostname&gt; using the name type
         GSS_C_NT_HOSTBASED_SERVICE.</t>

      <t>The key negotiation protocol is defined by the following RPC-L:</t>
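Review bot: the entity fix is right, but the text does not say which hostname goes into <service name>@<hostname>: the name the application was given, or a canonical name obtained by resolving it. That matters, because building the target principal from a DNS-canonicalized name lets whoever controls the resolution answer choose which principal the client authenticates to. Suggest stating that the hostname is the one supplied to the application and that no DNS canonicalization is performed (or, if the draft intends otherwise, saying so explicitly).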

commit 624ed946c646bf85bac1520bf62e02bb221f9fb0
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 14:51:11 2013 -0400

     GSSNegotiate opaques are not valid across contexts

     Clarify that the "next GSSNegotiate call" is only within the
     current context negotiation.

     Change-Id: Ia0de22a21034d8a8b6193e7b7e188a93ae7e0b7c

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 9ca3778..3a34971 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -287,7 +287,7 @@ enum RXGK_Level {
        <t hangText="opaque_out">An opaque token, which the server may use to
  	preserve state information between multiple calls in the same context
  	negotiation. The client should use this value as opaque_in in its next
-	call to GSSNegotiate.</t>
+	call to GSSNegotiate in this context negotiation.</t>
        <t hangText="gss_major_status">The major status code output by the server's
  	      call to gss_accept_sec_context().</t>
        <t hangText="gss_minor_status">The minor status code returned by
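Review bot: opaque_out is server state that round-trips through the client, so if the server stores anything it later relies on there (negotiation progress, partially established context data), it needs integrity protection and binding to this particular negotiation, or the client can replay or splice opaques between negotiations; the text only says the server "may use" it for state and the client "should use" it as opaque_in. Suggest making the client requirement a MUST and adding that the contents are server-defined and that the server MUST verify them (for example with a key known only to the server) before acting on them.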

commit b58d32a7c48ab7fe9bddecbd1d215465fe73bd02
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 14:52:39 2013 -0400

     Only the opaque is used for the next GSSNegotiate

     The GSS token is consumed by gss_init_sec_context.

     Change-Id: Ie6d5f1afb0333e3a8e24563bd2bc67ce70fd70f9

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 3a34971..f268acd 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -303,7 +303,7 @@ enum RXGK_Level {
         GSSNegotiate() RPC, until an error or success condition is reached.
         Each call to GSSNegotiate will return both an output token from
         GSS_Accept_sec_context() and an output opaque that are to be
-       used as an inputs for a subsequent call to GSSNegotiate, if
+       used as an input for a subsequent call to GSSNegotiate, if
         such a subsequent call is necessary.</t>
      <t>Different GSS mechanisms will require a different number of full (or
         half) round trips.  The structure of the loop, with success and
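Review bot: the sentence still says both the output token and the output opaque "are to be used as an input for a subsequent call to GSSNegotiate", which contradicts the commit message: the token goes to GSS_Init_sec_context(), only the opaque goes back to GSSNegotiate. Suggest: "an output token from GSS_Accept_sec_context(), to be passed to the client's next call to GSS_Init_sec_context(), and an output opaque, to be passed as opaque_in in the next call to GSSNegotiate, if such a subsequent call is necessary".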

commit 8c8d710b0e3aedc16d719a07eb2fcecbf6955d69
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 14:56:34 2013 -0400

     Spell "boolean" correctly

     Change-Id: Id5feab996273d3c635e391c5bc4bff14e636846b

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index f268acd..d871a60 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -313,7 +313,7 @@ enum RXGK_Level {
           <t>The client calls GSS_Init_sec_context(), supplying an input token
             if one was returned by a previous call to GSSNegotiate().
             The client MUST set the mutual_req_flag, conf_req_flag, and
-           integ_req_flag boolans to true.</t>
+           integ_req_flag booleans to true.</t>
           <t>If the major status code from GSS_Init_sec_context() includes a
             fatal error code, the negotiation loop is in an error condition and
             terminates.  If the major status code is GSS_S_COMPLETE and
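Review bot: setting mutual_req_flag, conf_req_flag and integ_req_flag only requests those services; GSS_Init_sec_context() may still return GSS_S_COMPLETE without granting them, reporting what it did grant in ret_flags. Since the draft depends on mutual authentication and confidentiality from the mechanism (commit 5433699 above), the loop should also say that on GSS_S_COMPLETE the client MUST check that mutual_state, conf_avail and integ_avail are all true and otherwise treat the negotiation as failed.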

commit 6daec62501b4aa77c8ee4a25d2480bb90e8d6fde
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 14:58:54 2013 -0400

     Use the RXGK_ prefix for ClientInfo

     Change-Id: I7a62327da06c29d45569b1d6c1ca13578b3598f7

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index d871a60..e3acb66 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -362,7 +362,7 @@ enum RXGK_Level {
         confidentiality protection. The client should decrypt this structure
         using gss_unwrap().</t>

-    <t>ClientInfo contains the following server populated
+    <t>RXGK_ClientInfo contains the following server populated
         fields:</t>

      <list style="hanging" hangIndent="6">
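Review bot: "The client should decrypt this structure using gss_unwrap()" leaves out the check that matters: gss_unwrap() also accepts a wrapped token that was only integrity protected, and reports that via conf_state. The client MUST verify that conf_state is true (and that the QOP is acceptable) before using the RXGK_ClientInfo contents, otherwise a peer or mechanism that omits encryption goes unnoticed.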

commit af3d8883d73fd134a415c10f75ec98881894845b
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:01:39 2013 -0400

     Remove duplicate "section"

     xref generally gives this to us, and it looks silly to have two.

     Change-Id: If27f7d6bd95341019a5186ba4698317c38e410fb

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index e3acb66..3b05697 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -373,7 +373,7 @@ enum RXGK_Level {
  	<xref target="COMERR" />
  	and may represent such conditions as insufficient authorization
  	or that the client has too many active connections to the service.
-        Error codes may be RXGK errors (see section <xref target="AFSReg" />)
+        Error codes may be RXGK errors (see <xref target="AFSReg" />)
          or from an application-specific table.</t>
        <t hangText="enctype">The encryption type selected by the server.
  	This SHALL be one of the types listed by the client in its StartParams
@@ -527,7 +527,7 @@ enum RXGK_Level {
  	 RXGK_TokenInfo structure and the value of new_token are undefined.
           Nonzero values for errorcode should be com_err codes
           <xref target="COMERR" />, from an RX,
-         RXGK, or application-specific table.  See section
+         RXGK, or application-specific table.  See
           <xref target="AFSReg" /> for RXGK error codes.
           section <xref target="derivation" />.  For example,
           <list style="hanging" hangIndent="6">
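Review bot: the context still shows the stray "section <xref target="derivation" />." fragment after "for RXGK error codes."; commit 53833ef later in this series removes it, so nothing further is needed there, but the two commits would be better squashed so this one does not leave the sentence broken.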
@@ -561,7 +561,7 @@ enum RXGK_Level {
           to know which enctype's random-to-key function to use in generating
           Kn.  With the negotiated enctype, the client can then perform the
           key combination algorithm described in
-         section <xref target="derivation" />.
+         <xref target="derivation" />.
           The client can only make use of Tn to
  	 establish an rxgk protected connection if it can derive Kn, which it
  	 can only do if it already knows K0 and K1.

commit 53833efa9c3ba45b484d943522aafc6c728889e2
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:02:12 2013 -0400

     Remove spurious cross-reference

     Must have snuck in due to copy/paste somehow.

     Change-Id: I32d59f33b1a67418d8d27034b5638b25c4e75381

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 3b05697..3075fe2 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -529,7 +529,7 @@ enum RXGK_Level {
           <xref target="COMERR" />, from an RX,
           RXGK, or application-specific table.  See
           <xref target="AFSReg" /> for RXGK error codes.
-         section <xref target="derivation" />.  For example,
+         For example,
           <list style="hanging" hangIndent="6">
             <t hangText="RXGEN_OPCODE">used when
               the server will refuse all CombineTokens requests.</t>

commit bd5d6111f986a5c358dc43fa3f04928f4051507b
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:02:59 2013 -0400

     Server nonce is random, too

     Change-Id: I210eb33a2f40734b4fe338483c4db3becf3b47ab

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 3075fe2..abdee11 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -402,8 +402,8 @@ enum RXGK_Level {
  	representation of the StartParams request received by the server.</t>
        <t hangText="token">An rxgk token. This is an opaque blob, as detailed
  	in <xref target="tokens" />.</t>
-      <t hangText="server_nonce">The nonce used by the server to create the K0
-	used within the rxgk token.</t>
+      <t hangText="server_nonce">The random nonce used by the server to create
+	the K0 used within the rxgk token.</t>
       </list>

       <t>Upon receiving the server's response, the client must verify that the
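Review bot: saying the nonce is "random" is an improvement, but the description gives no length or quality requirement, and K0 is built from it. Suggest stating a minimum size (for example at least the key generation seed length L of the selected enctype, which the derivation text already defines) and that it MUST be produced by a cryptographically strong random source.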

commit 4b1c3eea16b7f661ab807fba4cea6490b14cade1
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:03:58 2013 -0400

     CombineTokens initial keys are K0 and K1

     Mention both of them.

     Change-Id: I9e486b9ca2aed7c1b4d5bfc5eaeb6d4baa1c8492

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index abdee11..a98cfa8 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -497,8 +497,9 @@ enum RXGK_Level {
        <t>The server receives token0 and token1 from the RPC call, as well
           as the options suggested by the client.  Upon receipt, the server
           decrypts these tokens using its private key. Providing this decryption
-	 is successful, it now has copies of the initial key (K0) from both
-	 tokens.  The server then chooses an enctype and security level from the
+	 is successful, it now has copies of the initial key from both
+	 tokens (K0 and K1).
+	 The server then chooses an enctype and security level from the
  	 lists supplied by the client in the options argument.  The server SHOULD
  	 select the first entry from each list which is acceptable in the
  	 server's configuration, so as to respect any preferences indicated by
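Review bot: "it now has copies of the initial key from both tokens (K0 and K1)" can be read as each token carrying both keys; suggest "it now has the initial keys from the two tokens, K0 from token0 and K1 from token1". The paragraph also says nothing about what happens when decrypting either token fails; the error list further down covers expiry (RXGK_EXPIRED), so a pointer from here to the applicable failure codes would close the gap.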

commit f22c2952a5dd4832735a0841dfb2d6178b21930d
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:04:44 2013 -0400

     'expiration' is a field not a direct object

     Use 'field' for consistency with the other descriptions.

     Change-Id: I9549915224834383ffd49fcc3dd135fbd0b23a0f

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index a98cfa8..e048d26 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -507,7 +507,7 @@ enum RXGK_Level {
  	 The server then performs the key combination algorithm detailed above
  	 to obtain the new key, Kn. The server then
  	 constructs a new token as follows.
-	 The expiration is set to the minimum of the
+	 The expiration field is set to the minimum of the
  	 expiration values of the original tokens. The lifetime, bytelife,
  	 and any application-specific data fields are each combined so that the
  	 result is the most restrictive of the two values in each of the original
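Review bot: "the most restrictive of the two values" is well defined for lifetime and bytelife (take the smaller) but not for "any application-specific data fields", whose meaning this draft does not know. Suggest stating that the combination of application-specific data is defined by the application document and that the server MUST refuse the CombineTokens request if it does not know how to combine a field.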

commit a3345791df3d3523d7f7ffb3651ed4d2ccea7a10
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:06:44 2013 -0400

     Remove spurious underscores and typo fix

     We didn't catch all occurrences when renaming the error code symbols.

     Change-Id: I48990ef07ba0c22e2659f10639b762d06498878d

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index e048d26..a0079dd 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -534,9 +534,9 @@ enum RXGK_Level {
           <list style="hanging" hangIndent="6">
             <t hangText="RXGEN_OPCODE">used when
               the server will refuse all CombineTokens requests.</t>
-           <t hangText="RXGK_BAD_ETYPE">used when none of the enctypes
+           <t hangText="RXGK_BADETYPE">used when none of the enctypes
               supplied by the client are acceptable to the server.</t>
-           <t hangText="RXGK_BAD_LEVEL">used when one of the security levels
+           <t hangText="RXGK_BADLEVEL">used when none of the security levels
               supplied by the client are acceptable to the server.</t>
             <t hangText="RXGK_EXPIRED">used when one or more of the input
               tokens was already expired.</t>

commit fe4b999b6a1656152ff65be88e245ee93af0c12d
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:07:37 2013 -0400

     Master keys are not limited to users

     Do not be overly specific.

     Change-Id: I6bf75a425084cccdabed83c7d8fa4580b05910e4

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index a0079dd..fe6a198 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -579,7 +579,7 @@ enum RXGK_Level {
          the client stores the current timestamp as an rxgkTime
  	(start_time for the rest of this discussion), and
        then uses this, along with other connection information, to derive a 
-      transport key from the current user's master key
+      transport key from the current master key
        (see <xref target="derivation" />).</t>

     <t>This key is then used to protect the first message the client sends

commit e7f7016037572dd596a82b3a56c695ae8c6f0e0e
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:08:11 2013 -0400

     Remove comma splice

     Replace with semicolon.

     Change-Id: I25e780505915a96e434e7ddfc854bad9b9d69a36

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index fe6a198..42da658 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -641,7 +641,7 @@ enum RXGK_Level {
  </artwork>
        <t>L is the key generation seed length as specified in the RFC3961
  	 profile.</t>
-      <t>epoch, cid and key_number are passed as 32 bit quantities, start_time
+      <t>epoch, cid and key_number are passed as 32 bit quantities; start_time
  	 is a 64 bit value.</t>
        <t>Note that start_time is selected by the client when it receives the
  	 server's challenge, and shared with the server as part of its
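Review bot: the sentence gives the widths of epoch, cid, key_number and start_time as PRF input but not their byte order; two implementations that disagree derive different transport keys. The packet format section says "All fields MUST be in network byte order", but that applies to the wire format, so state here that these quantities are encoded big-endian (network byte order) when fed to the PRF.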

commit 8691f029e167d5b48d8d5ba58a83edb7adfe125c
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:23:49 2013 -0400

     Tidy up authenticator security level

     We are trying to not promulgate an idea that there is a numerical
     ordering of the security levels, so refer to the provided security
     and not the value itself.

     Specify that the server should check the supplied level against
     the negotiated level.

     Change-Id: Ie903b379db0fb73ba2fba6b47ad3bb29d126631e

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 42da658..c5f8949 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -705,8 +705,8 @@ enum RXGK_Level {
  	  <t hangText="nonce:">A copy of the nonce from the challenge.</t>
  	  <t hangText="appdata:">An application specific opaque blob.</t>
  	  <t hangText="level:">The desired security level for this particular
-		  connnection. This MUST NOT be less than the security level
-		  originally negotiated.</t>
+		  connnection. This MUST NOT be less secure than the security
+		  level negotiated for the associated token.</t>
            <t hangText="epoch:">The rx connection epoch.</t>
  	  <t hangText="cid:">The rx connection ID.</t>
            <t hangText="call_numbers:">The set of current rx call numbers for
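Review bot: "MUST NOT be less secure than" relies on an ordering of security levels that, per the commit message, the draft is trying not to promulgate, so the reader is left to guess how the levels compare. Either define the ordering once in the RXGK_Level section (in the order that list gives them) and reference it here, or require the level to equal the one negotiated for the token. "connnection" in the added line is also a typo for "connection".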
@@ -725,7 +725,8 @@ enum RXGK_Level {
          compared with the nonce sent in the RXGK_Challenge, and
          the connection ID and epoch compared with that of the current
          connection. The call number vector (call_numbers) should be supplied
-        to the rx implementation.
+        to the rx implementation.  The security level should be confirmed to
+        be at least as secure as the security level of the token.
          Failure of any of these steps MUST result in the failure
          of the security context.
       </t>
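Review bot: "The security level should be confirmed to be at least as secure as the security level of the token" is the check that stops a client holding a valid token from downgrading the connection, and with "Failure of any of these steps MUST result in the failure of the security context" on the next line the check itself should be a MUST rather than "should". Suggest "The server MUST confirm that the security level is at least as secure as the security level of the token."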

commit 921e9529aa5117c3f9bf203a3fe8b784ddbbb5f6
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:27:08 2013 -0400

     Grammarsmith

     Change-Id: I93b3e0601caf64a25df2c7a3a3976e64d3bfeaa7

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index c5f8949..89d8ac9 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -746,7 +746,7 @@ enum RXGK_Level {

     <section title="Integrity Protection">

-     <t>Packet payloads transmitted in the auth security level,
+     <t>Packet payloads transmitted at the auth security level,
          RXGK_LEVEL_AUTH, consist of an opaque blob of MIC data followed
          by the unencrypted original payload data.</t>


commit 55ea5cc56e859535fbc3edec187cd131816be4ed
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:27:53 2013 -0400

     Packet data length is in octets

     Same as for the crypt level.

     Change-Id: I8cacfb4ac8867e2b91ea655b28dc6dd3871d726b

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 89d8ac9..0d5af26 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -783,7 +783,8 @@ enum RXGK_Level {

       <t>All fields MUST be in network byte order.
          The data length field specifies the length of the original packet
-        payload excluding padding required for encryption routines.</t>
+        payload in octets, excluding padding required for encryption
+        routines.</t>

       <t>The packet is transmitted with the following payload:</t>
  <artwork>
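Review bot: the length is now in octets, but nothing says what a receiver does when the data length field is larger than the payload that actually arrived (after MIC verification or decryption). The field is inside the protected data, so a bad value indicates a malformed packet rather than a forgery, but an implementation that trusts it reads past its buffer. Suggest adding "A receiver MUST reject a packet whose data length exceeds the length of the received payload, less the MIC or padding" and naming which code from the RXGK protocol error codes section applies.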

commit cf5ee66576b199397ababbafc834a0868746323f
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:29:07 2013 -0400

     Spelling

     Change-Id: I71faa3b82f343f477e29bcb069cea97e5a98ea84

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 0d5af26..2c31c9e 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -861,7 +861,7 @@ enum RXGK_Level {
     </section>
     </section>
     <section anchor="RXGKErr" title="RXGK protocol error codes">
-     <t>This document specifies several erorr codes for use by RXGK
+     <t>This document specifies several error codes for use by RXGK
          implementations (see section <xref target="AFSReg" /> for the
          com_err table).  In general, when an endpoint receives any such
          error code, it should abort the current operation.  The various
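Review bot: "see section <xref target="AFSReg" />" in the next context line has the same duplicated "section" before an xref that commit af3d888 above removed elsewhere; drop it here too for consistency.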

commit 8bc236e606a0d0cc29f75e4426ebce4977989a53
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:29:30 2013 -0400

     Grammar

     Change-Id: I82783fd2a9893f0691ea1a6644e2d58ec3b251f1

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 2c31c9e..be260f5 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -882,8 +882,8 @@ enum RXGK_Level {
            constructing a challenge packet but the required data would be larger
            than the server's allowed packet size.  Used when a reply packet
            received by the server is smaller than the expected size of a response
-          packet.  Also for the analogous situations on the other side of the
-          challenge/response exchange.</t>
+          packet.  Also used for the analogous situations on the other side
+          of the challenge/response exchange.</t>

            <t hangText="RXGK_BADCHALLENGE">
            A challenge or response packet (of the expected size) failed to decode

commit c358f85cfc091f55bf9468fa7b8b59112e2a80a9
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue Mar 19 15:31:11 2013 -0400

     Add missing full stop

     Change-Id: I03f063e375b3c79986f8b18940ab2c58c7a0f231

diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index be260f5..342030c 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -966,7 +966,7 @@ end
  	  caution should be exercised when relying on their results. In
  	  particular, clients MUST NOT use an error from GSSNegotiate or
  	  CombineTokens to determine whether to downgrade to another 
-	  security class</t>
+	  security class.</t>
       </section>
       <section title="Token Expiry">
  	<t>This document permits tokens to be issued with expiration times