We use token types 06 01 and 06 02 for initial context tokens.
However, RFC 4121 section 4.4 reserves token ID 06 01 through 06 ff in order that you can unambiguously distinguish ASN.1 wrapped framing from other framing. Luke, was this an oops or was something more clever going on. In the specific case of draft-ietf-abfab-gss-eap, section 5 requires all our context tokens have the ASN.1 framing. So, testing the first octet for 06 to determine if ASN.1 framing is present is still a fine test so long as you don't do it recursively. I think we have a couple options: 1) Change the token types we use. I don't know if this is a viable option: I need to contact the moonshot community and figure out if people are willing to invalidate all existing deployments. My suspicion is There would be moderate to infinite push back on this. 2) Register 06 01 and 06 02, reserve 06 00 and 06 03 through 06 ff. I think option 2 is acceptable because our mechanism always happens to use ASN.1 framing. _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
