Tom Yu wrote:
> Sam Hartman <[email protected]> writes:
>
> > We use token types 06 01 and 06 02 for initial context tokens.
> >
> > However, RFC 4121 section 4.4 reserves token ID 06 01 through 06 ff in
> > order that you can unambiguously distinguish ASN.1 wrapped framing from
> > other framing.
>
> RFC 4121 Section 4.4 reserves 60 00 through 60 FF. The BER identifier
> octet for "Application tag 0 (constructed)" is 0x60, not 0x06. (0x06
> would be "Universal tag 6 (primitive)", also known as "OBJECT
> IDENTIFIER".)

Correct. 0x60 will be the first byte of a "generic framing" as it must be
present on the initial context token as described in rfc2743, Section 3.1
Mechanism-independent token format (bottom of page 81)

http://tools.ietf.org/html/rfc2743#page-81

   1. 0x60 -- Tag for [APPLICATION 0] SEQUENCE; indicates that
      -- constructed form, definite length encoding follows.

The Kerberos rfc1964 gssapi mechanism decided to (re-)use that generic
framing on all context-level tokens, plus on all per-message tokens.

rfc4121 dropped the generic framing on the per-message token, and the
quoted rule (and exemption for token IDs (60 00 -- 60 ff)) is to enable a
cheap heuristic to recognize whether a generic framing is present on a
Kerberos per-message token.

-Martin
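
The heuristic discussed in this thread, as an added example that is not part of the original messages: a Python function that tests the first octet for 0x60, walks the RFC 2743 generic framing (definite length, 0x06 OBJECT IDENTIFIER tag, mechanism OID) when it is present, and returns the two-octet token ID either way. The function names and sample tokens are constructed for illustration, and the strict length check is a choice made for this example.

```python
# DER content octets of the Kerberos V5 mechanism OID 1.2.840.113554.1.2.2
KRB5_OID = bytes.fromhex("2a864886f712010202")

def read_der_length(buf, pos):
    """Return (length, next_pos) for a DER definite length at buf[pos]."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    if first < 0x80:                      # short form: one octet
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_token(buf):
    """Return (framed, mech_oid_or_None, tok_id) for a GSS-API token."""
    if len(buf) < 2:
        raise ValueError("token too short")
    if buf[0] != 0x60:
        # No generic framing: the first two octets are the token ID itself.
        # This is only unambiguous because token IDs 60 00 - 60 ff are reserved.
        return False, None, bytes(buf[:2])
    total, pos = read_der_length(buf, 1)
    if pos + total != len(buf):           # strict: framing must cover the token
        raise ValueError("framing length does not match token size")
    if buf[pos] != 0x06:                  # 0x06 = OBJECT IDENTIFIER (mechanism)
        raise ValueError("expected OBJECT IDENTIFIER tag 0x06")
    oid_len, pos = read_der_length(buf, pos + 1)
    oid_end = pos + oid_len
    if oid_end + 2 > len(buf):
        raise ValueError("truncated inner token")
    return True, bytes(buf[pos:oid_end]), bytes(buf[oid_end:oid_end + 2])

# Constructed samples: a framed initial context token (TOK_ID 01 00) and an
# unframed RFC 4121 per-message token (TOK_ID 04 04); bodies are zero filler.
SAMPLE_FRAMED = bytes([0x60, 0x11, 0x06, 0x09]) + KRB5_OID + b"\x01\x00" + bytes(4)
SAMPLE_UNFRAMED = b"\x04\x04" + bytes(14)

if __name__ == "__main__":
    for tok in (SAMPLE_FRAMED, SAMPLE_UNFRAMED):
        framed, oid, tok_id = classify_token(tok)
        print(framed, oid.hex() if oid else None, tok_id.hex())
```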
