I like the ability to canonicalize target names during security context establishment, particularly when target_name == GSS_C_NO_NAME.
The idea that a name could be wildcarded is neat, but not really necessary since the client could just use target_name == GSS_C_NO_NAME then do the matching on the actual target name (obtained with GSS_Inquire_context()). Ah, but if the acceptor is using GSS_C_NO_CREDENTIAL and has credentials for lots of names including host-based service names for lots of services... then the selected target name may not match the initiator's desired service name. To add wildcarding to the API would require some additional work at the API level (mainly in the form of new name types, I think), but it could be done. I'd be OK with it.

Nico
--
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
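The post-establishment check the message describes, as an added example that is not part of the original message or of any GSS-API implementation: after a context is set up with target_name == GSS_C_NO_NAME, the initiator compares the name the acceptor actually selected against the service it wanted. The helper `target_matches` is hypothetical, and it assumes the name from GSS_Inquire_context() has been rendered in host-based `service@hostname` form; the sample names are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper (not part of GSS-API): compares the target name the
 * context was actually established with against what the initiator wanted.
 * `actual` is assumed to be the display form "service@hostname" of the name
 * returned by GSS_Inquire_context(). `want_host` may be NULL to accept any
 * host, which is the wildcard case discussed in the message.
 * Returns 1 on match, 0 on mismatch or malformed input. */
int target_matches(const char *actual, const char *want_service,
                   const char *want_host)
{
    const char *at;
    size_t svc_len;

    if (actual == NULL || want_service == NULL)
        return 0;
    at = strchr(actual, '@');
    /* Reject names with no service part, no host part, or a second '@'. */
    if (at == NULL || at == actual || at[1] == '\0' || strchr(at + 1, '@'))
        return 0;
    svc_len = (size_t)(at - actual);
    /* Service names are compared exactly: "imap" must not match "imaps". */
    if (strlen(want_service) != svc_len ||
        memcmp(actual, want_service, svc_len) != 0)
        return 0;
    if (want_host == NULL)
        return 1;
    /* DNS host names are case-insensitive. */
    return strcasecmp(at + 1, want_host) == 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the message. */
    const char *selected[] = { "imap@mail.example.org",
                               "host@mail.example.org",
                               "imap@MAIL.example.org", "imap@" };
    size_t i;
    for (i = 0; i < sizeof(selected) / sizeof(selected[0]); i++)
        printf("%-24s any-host=%d exact=%d\n", selected[i],
               target_matches(selected[i], "imap", NULL),
               target_matches(selected[i], "imap", "mail.example.org"));
    return 0;
}
```

The `host@mail.example.org` case is the failure mode raised in the message: an acceptor using GSS_C_NO_CREDENTIAL picks a name for a different service, and the initiator has to reject the context.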
