On 2 Jan 2013, at 22:28, Benjamin Kaduk wrote: > In addition to the introduction of RXGK com_err codes, I also pushed a couple > of commits from Mike Meffie. The first one is a reordering the discussion of > auth-only, integrity protection, and encryption for packet handling, so as to > match up with the order that the security levels are introduced in. There's > also some clarification of how packet handling works for RXGK_AUTH, along > with explicit diagrams for the get_mic input blob and the on-the-wire data. > Thanks, Mike!
In f39602cbebebeb777f7e0fd1d4ac90ef4c3d3a6e Mike has "The RXGK_CLIENT_MIC_PACKET key" and "The RXGK_SERVER_MIC_PACKET key". These are not keys, they are key usage values, as noted in the original text. Also, the second piece of artwork suggests that the MIC will be an exact multiple of 4 bytes - I don't think we actually have any such guarantee from the RFC3961 profiles, and the danger is that this suggests that the payload will be word aligned within the packet. Other than that, Mike's changes look fine to me. > Going back through my emails, I don't have anything else sitting in my inbox > with concerns about the CombineTokens language. Simon, is it time for a new > I-D? I'd like to resolve what we're doing about errors (see the other email), and fix the above before publishing a new I-D. Once they're done, I'd agree that it's a good point to publish something. Cheers, Simon _______________________________________________ AFS3-standardization mailing list [email protected] http://lists.openafs.org/mailman/listinfo/afs3-standardization
