[AFS3-std] rxgk gss negotiation loop description

Michael Meffie mmeffie@sinenomine.net
Mon, 6 May 2013 11:35:17 -0400


> > On Wed, 1 May 2013, Simon Wilkinson wrote:
> > > My worry about the description of the control flow isn't that it may
> > > confuse implementors. I'm concerned because it explicitly forbids
> > > behaviour that is required in order to support some multi-round trip
> > > GSSAPI mechanisms. I would prefer that we have no description at all
> > > rather than what is in the document at present.
> > 
> > Is this referring just to the case where gss_init_sec_context returns
> > GSS_S_COMPLETE but a nonempty output token?  I believe this can be
> > remedied with the insertion of a single sentence, and has already been
> > pushed to my github repo.
> 
> Specifically here, I believe:

Hello Simon,

Does the 'Correct omissions in GSS loop description' change address your
concern about the negotiation loop description?



> > commit 3a37c19e09df3241d16a1508ad62fabf5dc8367f
> > Author: Ben Kaduk <kaduk@mit.edu>
> > Date:   Fri Apr 26 18:59:05 2013 -0400
> > 
> >      Correct omissions in GSS loop description
> > 
> >      Change-Id: Iba911f65d995be30596e4b2131d574acbacfa850
> > 
> > diff --git a/src/rxgk/draft-wilkinson-afs3-rxgk.xml b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
> > index d2cd9f2..19829c3 100644
> > --- a/src/rxgk/draft-wilkinson-afs3-rxgk.xml
> > +++ b/src/rxgk/draft-wilkinson-afs3-rxgk.xml
> > @@ -289,7 +289,10 @@ enum RXGK_Level {
> >              terminates.  If the major status code is GSS_S_COMPLETE and the
> >              output token is zero length, this is a success condition and
> >              the negotiation loop terminates (this cannot happen on the first
> > -           iteration of the loop).  Otherwise, if the major status code
> > +           iteration of the loop).  If the major status code is GSS_S_COMPLETE
> > +           and the output token is of nonzero length, the negotiation loop
> > +           proceeds and the token is sent to the server.
> > +           Otherwise, if the major status code
> >              does not include GSS_S_CONTINUE_NEEDED, the negotiation loop
> >              is in an error condition and terminates.  If the major status code
> >              includes GSS_S_CONTINUE_NEEDED, the output token is sent to the
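Review bot: "the negotiation loop proceeds" in the added sentence does not say what the client does after sending this final token. Once gss_init_sec_context has returned GSS_S_COMPLETE the initiator's context is established, so the client has no further call to make that could consume a token coming back from the server. Consider stating explicitly that the client sends the token and then expects the server's side of the negotiation to complete without returning a token for the client to process, and that a nonempty token from the server at that point is an error condition. It would also help to note that, unlike the zero-length case just above, this case can occur on the first iteration, since the parenthetical "(this cannot happen on the first iteration of the loop)" now sits directly before the new sentence and could be read as applying to both.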



-- 
Michael Meffie <mmeffie@sinenomine.net>