On Tue, Nov 04, 2008 at 02:57:00AM -0800, Bill Wesse wrote: > Thank you very much for your considerations. I have filed a > documentation change request against [MS-NLMP] concerning NTLMSSP > InitialContextTokens (see 'Expected' below)..
Thanks, Bill. I do have one comment about some of your text below: > Expected: > > Even though we are not claiming compliance with RFC4178, the interpretation > of '3.2. Negotiation Procedure' is a point of interest concerning how we > embed the NTLM NEGOTIATE MESSAGE MechToken (Netmon 3.2 trace extract below, > from the attached spnego_ntlmssp.cap, frame 6. I just want to clarify that the main issue here is non-compliance with RFC 2743, not RFC 4178. There are two separate behaviors that need to be addressed--the behavior without SPNEGO (raw_ntlmssp.cap and gss_ntlmssp.cap) and the behavior with SPNEGO (spnego_raw_ntlmssp.cap and spnego_gss_ntlmssp.cap). I think the non-SPNEGO behavior is the most important aspect to document clearly, and this involves only compliance with RFC 2743, not RFC 4178. The behavior of the Windows NTLM implementations of GSS_Init_sec_context() and GSS_Accept_sec_context() are what is at issue. I think the documentation will be much more clear if it focuses mainly on the differences from RFC 2743, and doesn't complicate the matter by bringing in RFC 4178 unnecessarily. If [MS-NLMP] is updated just to describe the Windows implementation differences from RFC 2743 (without SPNEGO), then that should also implicitly cover the SPNEGO descrepancies from RFC 4178. Since RFC 4718 says that SPNEGO implementations should just invoke GSS_Init_sec_context() and GSS_Accept_sec_context() for the inner mechanism, proper descriptions of the Windows implementations of these functions would cover the SPNEGO behavior too. A minor note that these behaviors also affect SPNEGO should be sufficient. -- Adam Simpkins [EMAIL PROTECTED] _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
