[AFS3-std] rxgk CombineTokens and enctypes

Benjamin Kaduk kaduk@MIT.EDU
Wed, 20 Mar 2013 16:57:27 -0400 (EDT)


On Wed, 2 Jan 2013, Benjamin Kaduk wrote:

> On Wed, 2 Jan 2013, Simon Wilkinson wrote:
>
>> 
>> Also, neither of these address Jeff's concern about why we're bothering 
>> with having an 'errorcode' field in ClientInfo, rather than using the RX 
>> abort code. If we're going to specify errors in detail, we need to provide 
>> guidance about when negotiation errors should be sent in an abort packet, 
>> and when sending them within ClientInfo makes sense.
>
> I think I misplaced the mail with Jeff's concerns therein.  (Which probably 
> explains some of my confusion on Jabber as well!)
>
> As you said on Jabber, these are ones which are security sensitive.  But we 
> should have some text to this effect, yes.

I never did find Jeff's mail about this, but I have added some text 
mentioning that errors can be "security sensitive" in how they affect 
future client behavior, for both GSSNegotiate and CombineTokens.  Along 
with the security considerations note, that may be enough.

-Ben