[AFS3-std] Re: New Version Notification for draft-wilkinson-afs3-rxgk-03.txt
(fwd)
Benjamin Kaduk
kaduk@MIT.EDU
Tue, 19 Mar 2013 15:56:02 -0400 (EDT)
On Mon, 18 Mar 2013, Benjamin Kaduk wrote:
> This I-D is based off git revision 871c7cadb9377994781a496fb6a10e261d473501
Of course, once I push the new draft I notice a bunch of typos and the
like. (Fixes on github, log below.)
-Ben
git log -p --reverse 850573c..c358f85
commit c8e3519b1c68006bb9ec2a0daf87e886c80d2e72
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 14:35:46 2013 -0400
The rxgk security class doesn't really use GSSAPI
Fix the abstract to reflect the reality of the negotiation service.
Change-Id: Ibf88ed1d231bc9f6af77364026ee16c9bc650c42
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 6b14594..6026103 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -30,8 +30,10 @@
<abstract>
<t>rxgk is a security class for the RX RPC protocol. It uses the GSSAPI
- framework to provide authentication, confidentiality and integrity
- protection. This document provides a general description of rxgk. A
+ framework to provide an authentication service that provides
+ authentication, confidentiality and integrity protection for the
+ rxgk security class.
+ This document provides a general description of rxgk. A
further document will provide details of integration with specific
RX applications. </t>
</abstract>
commit 54336990768e11f2f3851b9458c010afa77c0cc6
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 14:39:58 2013 -0400
We want confidentiality and mutual auth from the GSS mech
Mention that as well as PRF when qualifying the usable GSS mechs.
Change-Id: I6c5fa36b03426f60e8be48cd2a2fe2dd6c6e6963
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 6026103..cc3674c 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -46,6 +46,7 @@
authentication, confidentiality and integrity protection for
rx RPC calls,
using a security context established using any GSSAPI mechanism with
+ confidentiality, mutual authentication, and
<xref target="RFC4401">PRF</xref> support. The External Data
Representation Standardard,
<xref target="RFC4506">XDR</xref>, is used to represent data structures
commit 59a7f8c733ad4f7265fdf09cfa7d8702d1d51faf
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 14:43:08 2013 -0400
RXGK_LEVEL_CLEAR is not always higher throughput
If we're limited by the server's backing store, extra per-packet
overhead does not affect throughput.
Change-Id: I2710c335dd87055cb825fb290a91b14f4753fe21
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index cc3674c..889c697 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -127,7 +127,7 @@ const RXGK_SERVER_ENC_TOKEN = 1036;
<list style="hanging" hangIndent="6">
<t hangText="Authentication only"> (0) Provides only connection
authentication, without either integrity or confidentiality
- protection. This mode of operation provides higher throughput, but
+ protection. This mode of operation can provide higher throughput, but
is vulnerable to man in the middle attacks. This corresponds
to the traditional 'clear' security level.</t>
<t hangText="Integrity"> (1) Provides integrity protection only.
commit 68a2203d069b27c4d31fb6e24acc2900c91a15ce
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 14:48:52 2013 -0400
Entity fix
The escape character is &, not %.
Change-Id: I9919c17134692cbba90d4c9df83c174921565a7f
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 889c697..9ca3778 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -197,7 +197,7 @@ enum RXGK_Level {
application-specific knowledge, when using rxgk over a port number
registered with IANA, the registered service name SHOULD be used to
construct the target principal name as
- <service name>@%lt;hostname%gt; using the name type
+ <service name>@<hostname> using the name type
GSS_C_NT_HOSTBASED_SERVICE.</t>
<t>The key negotiation protocol is defined by the following RPC-L:</t>
commit 624ed946c646bf85bac1520bf62e02bb221f9fb0
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 14:51:11 2013 -0400
GSSNegotiate opaques are not valid across contexts
Clarify that the "next GSSNegotiate call" is only within the
current context negotiation.
Change-Id: Ia0de22a21034d8a8b6193e7b7e188a93ae7e0b7c
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 9ca3778..3a34971 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -287,7 +287,7 @@ enum RXGK_Level {
<t hangText="opaque_out">An opaque token, which the server may use to
preserve state information between multiple calls in the same context
negotiation. The client should use this value as opaque_in in its next
- call to GSSNegotiate.</t>
+ call to GSSNegotiate in this context negotiation.</t>
<t hangText="gss_major_status">The major status code output by the server's
call to gss_accept_sec_context().</t>
<t hangText="gss_minor_status">The minor status code returned by
commit b58d32a7c48ab7fe9bddecbd1d215465fe73bd02
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 14:52:39 2013 -0400
Only the opaque is used for the next GSSNegotiate
The GSS token is consumed by gss_init_sec_context.
Change-Id: Ie6d5f1afb0333e3a8e24563bd2bc67ce70fd70f9
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 3a34971..f268acd 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -303,7 +303,7 @@ enum RXGK_Level {
GSSNegotiate() RPC, until an error or success condition is reached.
Each call to GSSNegotiate will return both an output token from
GSS_Accept_sec_context() and an output opaque that are to be
- used as an inputs for a subsequent call to GSSNegotiate, if
+ used as an input for a subsequent call to GSSNegotiate, if
such a subsequent call is necessary.</t>
<t>Different GSS mechanisms will require a different number of full (or
half) round trips. The structure of the loop, with success and
commit 8c8d710b0e3aedc16d719a07eb2fcecbf6955d69
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 14:56:34 2013 -0400
Spell "boolean" correctly
Change-Id: Id5feab996273d3c635e391c5bc4bff14e636846b
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index f268acd..d871a60 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -313,7 +313,7 @@ enum RXGK_Level {
<t>The client calls GSS_Init_sec_context(), supplying an input token
if one was returned by a previous call to GSSNegotiate().
The client MUST set the mutual_req_flag, conf_req_flag, and
- integ_req_flag boolans to true.</t>
+ integ_req_flag booleans to true.</t>
<t>If the major status code from GSS_Init_sec_context() includes a
fatal error code, the negotiation loop is in an error condition and
terminates. If the major status code is GSS_S_COMPLETE and
commit 6daec62501b4aa77c8ee4a25d2480bb90e8d6fde
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 14:58:54 2013 -0400
Use the RXGK_ prefix for ClientInfo
Change-Id: I7a62327da06c29d45569b1d6c1ca13578b3598f7
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index d871a60..e3acb66 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -362,7 +362,7 @@ enum RXGK_Level {
confidentiality protection. The client should decrypt this structure
using gss_unwrap().</t>
- <t>ClientInfo contains the following server populated
+ <t>RXGK_ClientInfo contains the following server populated
fields:</t>
<list style="hanging" hangIndent="6">
commit af3d8883d73fd134a415c10f75ec98881894845b
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:01:39 2013 -0400
Remove duplicate "section"
xref generally gives this to us, and it looks silly to have two.
Change-Id: If27f7d6bd95341019a5186ba4698317c38e410fb
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index e3acb66..3b05697 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -373,7 +373,7 @@ enum RXGK_Level {
<xref target="COMERR" />
and may represent such conditions as insufficient authorization
or that the client has too many active connections to the service.
- Error codes may be RXGK errors (see section <xref target="AFSReg" />)
+ Error codes may be RXGK errors (see <xref target="AFSReg" />)
or from an application-specific table.</t>
<t hangText="enctype">The encryption type selected by the server.
This SHALL be one of the types listed by the client in its StartParams
@@ -527,7 +527,7 @@ enum RXGK_Level {
RXGK_TokenInfo structure and the value of new_token are undefined.
Nonzero values for errorcode should be com_err codes
<xref target="COMERR" />, from an RX,
- RXGK, or application-specific table. See section
+ RXGK, or application-specific table. See
<xref target="AFSReg" /> for RXGK error codes.
section <xref target="derivation" />. For example,
<list style="hanging" hangIndent="6">
@@ -561,7 +561,7 @@ enum RXGK_Level {
to know which enctype's random-to-key function to use in generating
Kn. With the negotiated enctype, the client can then perform the
key combination algorithm described in
- section <xref target="derivation" />.
+ <xref target="derivation" />.
The client can only make use of Tn to
establish an rxgk protected connection if it can derive Kn, which it
can only do if it already knows K0 and K1.
commit 53833efa9c3ba45b484d943522aafc6c728889e2
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:02:12 2013 -0400
Remove spurious cross-reference
Must have snuck in due to copy/paste somehow.
Change-Id: I32d59f33b1a67418d8d27034b5638b25c4e75381
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 3b05697..3075fe2 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -529,7 +529,7 @@ enum RXGK_Level {
<xref target="COMERR" />, from an RX,
RXGK, or application-specific table. See
<xref target="AFSReg" /> for RXGK error codes.
- section <xref target="derivation" />. For example,
+ For example,
<list style="hanging" hangIndent="6">
<t hangText="RXGEN_OPCODE">used when
the server will refuse all CombineTokens requests.</t>
commit bd5d6111f986a5c358dc43fa3f04928f4051507b
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:02:59 2013 -0400
Server nonce is random, too
Change-Id: I210eb33a2f40734b4fe338483c4db3becf3b47ab
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 3075fe2..abdee11 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -402,8 +402,8 @@ enum RXGK_Level {
representation of the StartParams request received by the server.</t>
<t hangText="token">An rxgk token. This is an opaque blob, as detailed
in <xref target="tokens" />.</t>
- <t hangText="server_nonce">The nonce used by the server to create the K0
- used within the rxgk token.</t>
+ <t hangText="server_nonce">The random nonce used by the server to create
+ the K0 used within the rxgk token.</t>
</list>
<t>Upon receiving the server's response, the client must verify that the
commit 4b1c3eea16b7f661ab807fba4cea6490b14cade1
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:03:58 2013 -0400
CombineTokens initial keys are K0 and K1
Mention both of them.
Change-Id: I9e486b9ca2aed7c1b4d5bfc5eaeb6d4baa1c8492
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index abdee11..a98cfa8 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -497,8 +497,9 @@ enum RXGK_Level {
<t>The server receives token0 and token1 from the RPC call, as well
as the options suggested by the client. Upon receipt, the server
decrypts these tokens using its private key. Providing this decryption
- is successful, it now has copies of the initial key (K0) from both
- tokens. The server then chooses an enctype and security level from the
+ is successful, it now has copies of the initial key from both
+ tokens (K0 and K1).
+ The server then chooses an enctype and security level from the
lists supplied by the client in the options argument. The server SHOULD
select the first entry from each list which is acceptable in the
server's configuration, so as to respect any preferences indicated by
commit f22c2952a5dd4832735a0841dfb2d6178b21930d
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:04:44 2013 -0400
'expiration' is a field not a direct object
Use 'field' for consistency with the other descriptions.
Change-Id: I9549915224834383ffd49fcc3dd135fbd0b23a0f
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index a98cfa8..e048d26 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -507,7 +507,7 @@ enum RXGK_Level {
The server then performs the key combination algorithm detailed above
to obtain the new key, Kn. The server then
constructs a new token as follows.
- The expiration is set to the minimum of the
+ The expiration field is set to the minimum of the
expiration values of the original tokens. The lifetime, bytelife,
and any application-specific data fields are each combined so that the
result is the most restrictive of the two values in each of the original
commit a3345791df3d3523d7f7ffb3651ed4d2ccea7a10
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:06:44 2013 -0400
Remove spurious underscores and typo fix
We didn't catch all occurrences when renaming the error code symbols.
Change-Id: I48990ef07ba0c22e2659f10639b762d06498878d
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index e048d26..a0079dd 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -534,9 +534,9 @@ enum RXGK_Level {
<list style="hanging" hangIndent="6">
<t hangText="RXGEN_OPCODE">used when
the server will refuse all CombineTokens requests.</t>
- <t hangText="RXGK_BAD_ETYPE">used when none of the enctypes
+ <t hangText="RXGK_BADETYPE">used when none of the enctypes
supplied by the client are acceptable to the server.</t>
- <t hangText="RXGK_BAD_LEVEL">used when one of the security levels
+ <t hangText="RXGK_BADLEVEL">used when none of the security levels
supplied by the client are acceptable to the server.</t>
<t hangText="RXGK_EXPIRED">used when one or more of the input
tokens was already expired.</t>
commit fe4b999b6a1656152ff65be88e245ee93af0c12d
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:07:37 2013 -0400
Master keys are not limited to users
Do not be overly specific.
Change-Id: I6bf75a425084cccdabed83c7d8fa4580b05910e4
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index a0079dd..fe6a198 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -579,7 +579,7 @@ enum RXGK_Level {
the client stores the current timestamp as an rxgkTime
(start_time for the rest of this discussion), and
then uses this, along with other connection information, to derive a
- transport key from the current user's master key
+ transport key from the current master key
(see <xref target="derivation" />).</t>
<t>This key is then used to protect the first message the client sends
commit e7f7016037572dd596a82b3a56c695ae8c6f0e0e
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:08:11 2013 -0400
Remove comma splice
Replace with semicolon.
Change-Id: I25e780505915a96e434e7ddfc854bad9b9d69a36
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index fe6a198..42da658 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -641,7 +641,7 @@ enum RXGK_Level {
</artwork>
<t>L is the key generation seed length as specified in the RFC3961
profile.</t>
- <t>epoch, cid and key_number are passed as 32 bit quantities, start_time
+ <t>epoch, cid and key_number are passed as 32 bit quantities; start_time
is a 64 bit value.</t>
<t>Note that start_time is selected by the client when it receives the
server's challenge, and shared with the server as part of its
commit 8691f029e167d5b48d8d5ba58a83edb7adfe125c
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:23:49 2013 -0400
Tidy up authenticator security level
We are trying to not promulgate an idea that there is a numerical
ordering of the security levels, so refer to the provided security
and not the value itself.
Specify that the server should check the supplied level against
the negotiated level.
Change-Id: Ie903b379db0fb73ba2fba6b47ad3bb29d126631e
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 42da658..c5f8949 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -705,8 +705,8 @@ enum RXGK_Level {
<t hangText="nonce:">A copy of the nonce from the challenge.</t>
<t hangText="appdata:">An application specific opaque blob.</t>
<t hangText="level:">The desired security level for this particular
- connnection. This MUST NOT be less than the security level
- originally negotiated.</t>
+ connnection. This MUST NOT be less secure than the security
+ level negotiated for the associated token.</t>
<t hangText="epoch:">The rx connection epoch.</t>
<t hangText="cid:">The rx connection ID.</t>
<t hangText="call_numbers:">The set of current rx call numbers for
@@ -725,7 +725,8 @@ enum RXGK_Level {
compared with the nonce sent in the RXGK_Challenge, and
the connection ID and epoch compared with that of the current
connection. The call number vector (call_numbers) should be supplied
- to the rx implementation.
+ to the rx implementation. The security level should be confirmed to
+ be at least as secure as the security level of the token.
Failure of any of these steps MUST result in the failure
of the security context.
</t>
commit 921e9529aa5117c3f9bf203a3fe8b784ddbbb5f6
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:27:08 2013 -0400
Grammarsmith
Change-Id: I93b3e0601caf64a25df2c7a3a3976e64d3bfeaa7
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index c5f8949..89d8ac9 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -746,7 +746,7 @@ enum RXGK_Level {
<section title="Integrity Protection">
- <t>Packet payloads transmitted in the auth security level,
+ <t>Packet payloads transmitted at the auth security level,
RXGK_LEVEL_AUTH, consist of an opaque blob of MIC data followed
by the unencrypted original payload data.</t>
commit 55ea5cc56e859535fbc3edec187cd131816be4ed
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:27:53 2013 -0400
Packet data length is in octets
Same as for the crypt level.
Change-Id: I8cacfb4ac8867e2b91ea655b28dc6dd3871d726b
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 89d8ac9..0d5af26 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -783,7 +783,8 @@ enum RXGK_Level {
<t>All fields MUST be in network byte order.
The data length field specifies the length of the original packet
- payload excluding padding required for encryption routines.</t>
+ payload in octets, excluding padding required for encryption
+ routines.</t>
<t>The packet is transmitted with the following payload:</t>
<artwork>
commit cf5ee66576b199397ababbafc834a0868746323f
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:29:07 2013 -0400
Spelling
Change-Id: I71faa3b82f343f477e29bcb069cea97e5a98ea84
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 0d5af26..2c31c9e 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -861,7 +861,7 @@ enum RXGK_Level {
</section>
</section>
<section anchor="RXGKErr" title="RXGK protocol error codes">
- <t>This document specifies several erorr codes for use by RXGK
+ <t>This document specifies several error codes for use by RXGK
implementations (see section <xref target="AFSReg" /> for the
com_err table). In general, when an endpoint receives any such
error code, it should abort the current operation. The various
commit 8bc236e606a0d0cc29f75e4426ebce4977989a53
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:29:30 2013 -0400
Grammar
Change-Id: I82783fd2a9893f0691ea1a6644e2d58ec3b251f1
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index 2c31c9e..be260f5 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -882,8 +882,8 @@ enum RXGK_Level {
constructing a challenge packet but the required data would be larger
than the server's allowed packet size. Used when a reply packet
received by the server is smaller than the expected size of a response
- packet. Also for the analogous situations on the other side of the
- challenge/response exchange.</t>
+ packet. Also used for the analogous situations on the other side
+ of the challenge/response exchange.</t>
<t hangText="RXGK_BADCHALLENGE">
A challenge or response packet (of the expected size) failed to decode
commit c358f85cfc091f55bf9468fa7b8b59112e2a80a9
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue Mar 19 15:31:11 2013 -0400
Add missing full stop
Change-Id: I03f063e375b3c79986f8b18940ab2c58c7a0f231
diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
index be260f5..342030c 100644
--- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
+++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
@@ -966,7 +966,7 @@ end
caution should be exercised when relying on their results. In
particular, clients MUST NOT use an error from GSSNegotiate or
CombineTokens to determine whether to downgrade to another
- security class</t>
+ security class.</t>
</section>
<section title="Token Expiry">
<t>This document permits tokens to be issued with expiration times