[AFS3-std] New Version Notification for draft-wilkinson-afs3-rxgk-08.txt (fwd)
Benjamin Kaduk
kaduk@MIT.EDU
Thu, 14 Nov 2013 10:51:01 -0500 (EST)
On Thu, 14 Nov 2013, Michael Meffie wrote:
> On Mon, 21 Oct 2013 19:09:34 -0400
> Benjamin Kaduk <kaduk@MIT.EDU> wrote:
>
>> I have redone the rxgk text on the GSS negotiation loop to refer to a
>> separate document which defines the loop structure. There's still a
>> couple pages of description in section 6.2, but it's just things like how
>> GSS tokens and errors are communicated to the other peer, and required
>> flags on the security context. Do people think this is an improvement?
>
> Thank you for draft 8 Ben. Yes, this is an improvement.
>
>> I've sent the separate document on the GSS negotiation loop to the kitten
>> WG for comments; that document is
>> http://tools.ietf.org/html/draft-kaduk-kitten-gss-loop-00
>
> Thank you Ben. I see there was some interest in the kitten working group. From
> reading the comments there, my main understanding was, how does the kitten-gss-loop-00
> overlap with RFC 2743?
I spent some time looking into that question this week, and the answer
seems to be that draft-kaduk-kitten-gss-loop-00 imposes only a very minor
additional requirement on applications (using RFC 2743 as a baseline),
namely that "all" input parameters to
gss_init_sec_context/gss_accept_sec_context must remain fixed throughout
the course of the negotiation loop, instead of just the credential handle.
This is a minor enough detail that I think we're going to end up making
the gss-loop document purely informational, and continue to rely on RFC
2743 as the normative reference. My plan is to make a gss-loop-01 with
that change (and sample code), and then do an rxgk-09 with updated
references accordingly.
-Ben