[AFS3-std] Finishing the core rxgk document
Nico Williams
nico@cryptonector.com
Fri, 18 Oct 2013 14:31:47 -0500

On Fri, Oct 18, 2013 at 02:46:34PM -0400, Jeffrey Hutzelman wrote:
> On Thu, 2013-10-17 at 23:08 -0400, Benjamin Kaduk wrote:
> > > GSS security context token exchanges are synchronous and may involve
> > > any number of context tokens larger than or equal to one.
> > > Implementations MUST NOT assume any number of context tokens for any
> > > one mechanism, but implementations MAY set an upper bound no less
> > > than six (6).
> >
> > I'm not sure where the number six is coming from, so I haven't taken this
> > part yet. The rest of the wording is probably okay to take, though.

Er, I pulled it out of... thin air just because there has to be a limit
sometime. Make it 20. Or say nothing about that.

> Me either. Naturally, a client can give up whenever it wants. However,
> this is really not the place to introduce what is essentially a new
> limitation on GSS-API mechanisms. No one is going to say "we can't
> standardize this mech because it requires 7 round trips and AFS only
> supports 6".

Agreed.