[abfab] Intent to Register two GSSEAP Error Codes
Sam Hartman <hartmans@painless-security.com> Wed, 04 March 2015 12:23 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/jetD7dmzsSgLYYLwIhymwuGK2-M>
Hi.

We've run across a desire to report two common errors from our acceptor back to the client. Half the usable error space is available for FCFS registrations, and it's my plan to request two error codes from that space. Before I do that I wanted to let folks know what I'm requesting and have a chance to comment:

error_code GSSEAP_RADIUS_UNROUTABLE, "Proxy had no route to identity provider realm"
error_code GSSEAP_RADIUS_ADMIN_PROHIBIT, "IDP Administratively Prohibits Request"

These correspond to RADIUS error cause codes 502 and 501 respectively.

As an aside, our code doesn't currently have a good way to deal with the split between the standards action error codes and the FCFS codes, but I'll add that after the registrations are approved by IANA.
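Added example, not part of the original message and not the project's own code: a bounds-checked sketch of how an acceptor could pull the Error-Cause attribute (type 101, RFC 5176) out of a RADIUS reply and pick the proposed GSS-EAP error. It assumes the reply carries Error-Cause; the function names are hypothetical, and the errors are returned by name because their numeric values are not assigned in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RADIUS_HDR_LEN          20  /* code, id, length(2), authenticator(16) */
#define RADIUS_ATTR_ERROR_CAUSE 101 /* RFC 5176 Error-Cause, 4-octet value */

/* Walk the attribute TLVs of a RADIUS packet and return the Error-Cause
 * value, 0 if the attribute is absent, or -1 if the packet is malformed. */
int64_t radius_error_cause(const uint8_t *pkt, size_t len)
{
    if (len < RADIUS_HDR_LEN)
        return -1;
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < RADIUS_HDR_LEN || declared > len)
        return -1;                       /* length field lies about the buffer */
    size_t off = RADIUS_HDR_LEN;
    while (off < declared) {
        if (declared - off < 2)
            return -1;                   /* no room for type + length */
        uint8_t type = pkt[off], alen = pkt[off + 1];
        if (alen < 2 || alen > declared - off)
            return -1;                   /* attribute overruns the packet */
        if (type == RADIUS_ATTR_ERROR_CAUSE) {
            if (alen != 6)
                return -1;               /* value must be exactly 4 octets */
            uint32_t v = ((uint32_t)pkt[off + 2] << 24) |
                         ((uint32_t)pkt[off + 3] << 16) |
                         ((uint32_t)pkt[off + 4] << 8) | pkt[off + 5];
            return (int64_t)v;
        }
        off += alen;
    }
    return 0;
}

/* Name of the proposed GSS-EAP error for an Error-Cause value; NULL means
 * no dedicated code, so the caller falls back to a generic failure. */
const char *gsseap_error_for_cause(int64_t cause)
{
    switch (cause) {
    case 501: return "GSSEAP_RADIUS_ADMIN_PROHIBIT";
    case 502: return "GSSEAP_RADIUS_UNROUTABLE";
    default:  return NULL;
    }
}

/* Constructed sample: Access-Reject (code 3), id 1, length 26, zeroed
 * authenticator, one Error-Cause attribute carrying 502 (0x01F6). */
static const uint8_t sample_reject[26] = {
    3, 1, 0, 26, [20] = 101, 6, 0, 0, 0x01, 0xF6
};
```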