[AFS3-std] Re: updates from last call comments on draft-wilkinson-afs3-rxgk-afs-04

Andrew Deason adeason@sinenomine.net
Thu, 2 May 2013 10:07:12 -0500


On Wed, 1 May 2013 11:09:36 -0400 (EDT)
Benjamin Kaduk <kaduk@MIT.EDU> wrote:

> In response to the comments made during the last-call period on this
> draft, I made some changes in my git repository, which are included
> inline below.  Please let me know if you think your comment(s) have
> not been addressed either in an email reply or the changes below.

This addresses everything I raised.

I still think RXGK_MAXMIC could be larger, just because I see no reason
to make it around 8k. But 1k probably won't see any issues, either. If
there are ever MICs that actually require that much data, we'll probably
start to have problems trying to use it with RXGK_LEVEL_AUTH packets.

Also, this doesn't really matter, but I just noticed it might have been
easier to read the raw XML if you used CDATA sections for RPC-L
artwork. Then I don't think you'd need to use the e.g. &lt; entities in
there.

On Wed, 1 May 2013 12:32:41 -0400 (EDT)
Benjamin Kaduk <kaduk@MIT.EDU> wrote:

> On Wed, 1 May 2013, Simon Wilkinson wrote:
> > My worry about the description of the control flow isn't that it may
> > confuse implementors. I'm concerned because it explicitly forbids
> > behaviour that is required in order to support some multi-round trip
> > GSSAPI mechanisms. I would prefer that we have no description at all
> > rather than what is in the document at present.
> 
> Is this referring just to the case where gss_init_sec_context returns
> GSS_S_COMPLETE but a nonempty output token?  I believe this can be
> remedied with the insertion of a single sentence, and has already been
> pushed to my github repo.

Specifically here, I believe:

> git log -p --reverse:
> commit 3a37c19e09df3241d16a1508ad62fabf5dc8367f
> Author: Ben Kaduk <kaduk@mit.edu>
> Date:   Fri Apr 26 18:59:05 2013 -0400
> 
>      Correct omissions in GSS loop description
> 
>      Change-Id: Iba911f65d995be30596e4b2131d574acbacfa850
> 
> diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
> index d2cd9f2..19829c3 100644
> --- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
> +++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
> @@ -289,7 +289,10 @@ enum RXGK_Level {
>              terminates.  If the major status code is GSS_S_COMPLETE and the
>              output token is zero length, this is a success condition and
>              the negotiation loop terminates (this cannot happen on the first
> -           iteration of the loop).  Otherwise, if the major status code
> +           iteration of the loop).  If the major status code is GSS_S_COMPLETE
> +           and the output token is of nonzero length, the negotiation loop
> +           proceeds and the token is sent to the server.
> +           Otherwise, if the major status code
>              does not include GSS_S_CONTINUE_NEEDED, the negotiation loop
>              is in an error condition and terminates.  If the major status code
>              includes GSS_S_CONTINUE_NEEDED, the output token is sent to the
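
Review bot: the added sentence ("If the major status code is GSS_S_COMPLETE and the output token is of nonzero length, the negotiation loop proceeds and the token is sent to the server") says the loop proceeds but not how it ends in this case. Every other rule in this paragraph is keyed on the major status code and output token, and the only success rule shown is GSS_S_COMPLETE with a zero-length token, so a reader cannot tell from this text what the client does with the server's reply once its own side has already reported GSS_S_COMPLETE. Suggest saying explicitly what follows the send, for example that the client sends the token, handles the server's response, and then terminates successfully, if that is the intent. Minor style point: the new text leaves a short line before "Otherwise, if the major status code"; reflowing the paragraph would keep the raw XML easier to read.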

-- 
Andrew Deason
adeason@sinenomine.net