On 8 Dec 2011, at 23:55, Russ Allbery wrote:

> The enum RXGK_Level doesn't include the value for Bind, even though one
> has been assigned. Is that intentional?

That's an oversight, it'll be fixed in the next document.

> Section 5:
>
> I think that should be "by decrypting the information," correct?

Yes - fixed.

> There's no way to convey the minor GSS-API status back to the client?
> With Kerberos GSS-API negotiations, that often contains very useful
> information; the major status is usually basically useless.

That's correct, there's currently no way of returning minor status information. This is where it gets interesting, as there's no guarantee that minor status be portable between arbitrary GSSAPI implementations (so you can't feed one implementation's minor_status into another implementation's display_error and get the right results). Whilst RFC4121 specifies a standard set of textual identifiers for Kerberos minor_status, it doesn't specify numeric identifiers.

> expiration in the RXGK_ClientInfo struct doesn't use the time format
> defined elsewhere as the rxgk time format?

That's an oversight - fixed to use rxgkTime.

> In 8.3, what's the rx epoch? Is that an rx concept that we're just using
> under the assumption that readers are already familiar with rx?

Yes. Sadly there isn't a good reference document describing RX - the best source at present seems to be http://web.mit.edu/kolya/afs/rx/rx-spec, which Mike reformatted as an I-D back in 2009, although Mike's version no longer appears to be available. From that document:

  The connection epoch is a unique value chosen by Rx on startup and used by the peer to both to identify connections to this host, and to detect when this host's Rx restarts

I'll add a reference to this in the Introduction, as well as a reference to the XDR specification.

> In 8.5, start_time here is also specified as the number of seconds since
> epoch, which is not the rxgk timestamp format defined earlier.

This was a late edit - the structure definition specifies it as rxgkTime, but the text still refers to it as seconds. Fixed.

> 8.6 talks about a version number of the rxgk challenge, but the challenge
> specified in 8.4 doesn't include a version field.

I've removed that text.

Thanks for the comprehensive review!

Cheers,

Simon.
