On Thu, 14 Nov 2013, Michael Meffie wrote:

On Mon, 21 Oct 2013 19:09:34 -0400
Benjamin Kaduk <[email protected]> wrote:

I have redone the rxgk text on the GSS negotiation loop to refer to a
separate document which defines the loop structure.  There's still a
couple pages of description in section 6.2, but it's just things like how
GSS tokens and errors are communicated to the other peer, and required
flags on the security context.  Do people think this is an improvement?

Thank you for draft 8 Ben.  Yes, this is an improvement.

I've sent the separate document on the GSS negotiation loop to the kitten
WG for comments; that document is
http://tools.ietf.org/html/draft-kaduk-kitten-gss-loop-00

Thank you Ben. I see there was some interest in the kitten working group. From
reading the comments there, my main understanding was, how does the
kitten-gss-loop-00 overlap with RFC 2743?

I spent some time looking into that question this week, and the answer seems to be that draft-kaduk-kitten-gss-loop-00 imposes only a very minor additional requirement on applications (using RFC 2743 as a baseline), namely that "all" input parameters to gss_init_sec_context/gss_accept_sec_context must remain fixed throughout the course of the negotiation loop, instead of just the credential handle.

This is a minor enough detail that I think we're going to end up making the gss-loop document purely informational, and continue to rely on RFC 2743 as the normative reference. My plan is to make a gss-loop-01 with that change (and sample code), and then do an rxgk-09 with updated references accordingly.

-Ben
_______________________________________________
AFS3-standardization mailing list
[email protected]
http://lists.openafs.org/mailman/listinfo/afs3-standardization
