>>>>> "Alejandro" == Alejandro Perez Mendez <[email protected]> writes:
Sorry for the delay and thanks for all the great comments.
I believe most of these will be fixed in 05; please let me know if I
missed anything.
Alejandro> * It is stated that "The subtoken type MUST be unique
Alejandro> within a given token". Is there any requirement or
Alejandro> motivation for this? Won't this limit us in the future
Alejandro> for extensions? Just asking, cause I don't really know.
I don't think this is a problem.
If we define a subtoken type that you might want more than one of, we can
have internal structure within it.
Alejandro> Section 5.7
Alejandro> * I have a question here, not an issue, I'm just
Alejandro> curious. If the PROT_READY is never available and
Alejandro> per-message security services cannot be used before
Alejandro> context establishment, how do you call to GSS_Wrap and
Alejandro> GSS_GetMIC to generate the Channel Bindings and MIC
Alejandro> subtokens?
The mechanism implementation can produce the token without calling
gss_wrap.
However, this sort of layering violation is one of the things that caused
me to support using RFC 3961 tokens in 5.6 rather than 4121 tokens.
So this issue goes away in the next version anyway.
--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab