On Wed, 2 Jan 2013, Benjamin Kaduk wrote:
On Wed, 2 Jan 2013, Simon Wilkinson wrote:
Also, neither of these address Jeff's concern about why we're bothering
with having an 'errorcode' field in ClientInfo, rather than using the RX
abort code. If we're going to specify errors in detail, we need to provide
guidance about when negotiation errors should be sent in an abort packet,
and when sending them within ClientInfo makes sense.
I think I misplaced the mail with Jeff's concerns therein. (Which probably
explains some of my confusion on Jabber as well!)
As you said on Jabber, these are ones which are security sensitive. But we
should have some text to this effect, yes.
I never did find Jeff's mail about this, but I have added some text
mentioning that errors can be "security sensitive" in how they affect
future client behavior, for both GSSNegotiate and CombineTokens. Along
with the security considerations note, that may be enough.
-Ben
_______________________________________________
AFS3-standardization mailing list
[email protected]
http://lists.openafs.org/mailman/listinfo/afs3-standardization
