Thank you Adam - I have added your comments to the change request. Regards, Bill Wesse MCSE, MCTS / Escalation Engineer, US-CSS DSC PROTOCOL TEAM 8055 Microsoft Way Charlotte, NC 28273 TEL: +1(980) 776-8200 CELL: +1(704) 661-5438 FAX: +1(704) 665-9606
-----Original Message----- From: Adam Simpkins [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2008 1:15 PM To: Bill Wesse Cc: '[EMAIL PROTECTED]' Subject: Re: (More): Status: SRX080803600053: [MS-NLMP] raw NTLMSSP tokens in GSS-API/SPNEGO On Tue, Nov 04, 2008 at 02:57:00AM -0800, Bill Wesse wrote: > Thank you very much for your considerations. I have filed a > documentation change request against [MS-NLMP] concerning NTLMSSP > InitialContextTokens (see 'Expected' below).. Thanks, Bill. I do have one comment about some of your text below: > Expected: > > Even though we are not claiming compliance with RFC4178, the interpretation > of '3.2. Negotiation Procedure' is a point of interest concerning how we > embed the NTLM NEGOTIATE MESSAGE MechToken (Netmon 3.2 trace extract below, > from the attached spnego_ntlmssp.cap, frame 6. I just want to clarify that the main issue here is non-compliance with RFC 2743, not RFC 4178. There are two separate behaviors that need to be addressed--the behavior without SPNEGO (raw_ntlmssp.cap and gss_ntlmssp.cap) and the behavior with SPNEGO (spnego_raw_ntlmssp.cap and spnego_gss_ntlmssp.cap). I think the non-SPNEGO behavior is the most important aspect to document clearly, and this involves only compliance with RFC 2743, not RFC 4178. The behavior of the Windows NTLM implementations of GSS_Init_sec_context() and GSS_Accept_sec_context() are what is at issue. I think the documentation will be much more clear if it focuses mainly on the differences from RFC 2743, and doesn't complicate the matter by bringing in RFC 4178 unnecessarily. If [MS-NLMP] is updated just to describe the Windows implementation differences from RFC 2743 (without SPNEGO), then that should also implicitly cover the SPNEGO descrepancies from RFC 4178. Since RFC 4718 says that SPNEGO implementations should just invoke GSS_Init_sec_context() and GSS_Accept_sec_context() for the inner mechanism, proper descriptions of the Windows implementations of these functions would cover the SPNEGO behavior too. A minor note that these behaviors also affect SPNEGO should be sufficient. -- Adam Simpkins [EMAIL PROTECTED] _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
