Re: [Crisp] Re: Last Call Comments on XPC

Andrew Newton <> Thu, 24 August 2006 16:24 UTC

Received: from [] ( by with esmtp (Exim 4.43) id 1GGI0e-0005ZI-UA; Thu, 24 Aug 2006 12:24:48 -0400
Received: from [] ( by with esmtp (Exim 4.43) id 1GGI0d-0005Y7-Qy; Thu, 24 Aug 2006 12:24:47 -0400
Received: from ([] by with esmtp (Exim 4.43) id 1GGI0Y-0002rG-Jq; Thu, 24 Aug 2006 12:24:47 -0400
Received: from [] ([::ffff:]) (AUTH: LOGIN anewton) by with esmtp; Thu, 24 Aug 2006 11:44:26 -0400 id 0158835F.44EDC95A.00006A38
Message-ID: <>
Date: Thu, 24 Aug 2006 11:44:21 -0400
From: Andrew Newton <>
User-Agent: Thunderbird (Windows/20060719)
MIME-Version: 1.0
To: Sam Hartman <>
Subject: Re: [Crisp] Re: Last Call Comments on XPC
References: <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9
Cc: Marcos Sanz/Denic <>,,
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Cross Registry Information Service Protocol <>
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

Marcos Sanz/Denic wrote:
> Hi Sam,
>> First, you don't specify enough about SASL for an interoperable
>> implementation.  PLease see the application protocol requirements in
>> RFC 4222 for what you need to specify.  My preference is that you
>> reference RFC 4222 not 2222.
> Ok, first of all I am not the author of the draft, it's Andy. But anyway 
> I'll take a look at 4422 (it's pretty new) and review XPC with that new 
> light.

OH! 4422! I starting reading a BCP on OSPF and couldn't figure out what it 
had to do with this.

First, I sent email to one of the authors of 4422 last year asking for 
review, and got an "I'm busy" response.  Though he did say he thought we 
were on the right track.

I've looked at 4422, and have identified several areas where XPC needs 
either better documentation or revision.  However, I'd appreciate more than 
just a vague, "you need to do more".  After all, there's a good chance I 
might miss something in those 33 pages.

That being said, I do have a couple of very specific questions:

1) I understand what the Authorization Identity String (Section 3.4.1) is, 
I'm just unsure where it is to be used.  I was under the impression that 
where it is to be used was specific to each SASL mechanism.

2) Section 3.4 notes that one of the purposes of the challenges and response 
is "authenticate the server to the client".  Does a client have to request 
this authentication?  It isn't clear to me that I need to specific protocol 
interactions for this particular use case or if that is covered in the 
general requirements for a protocol (as listed in Section 4).

3) Section 4, number 1 says that a "service" name must be specified.  I 
didn't readily understand in which protocol operation it is to be specified. 
  Also, would this be different than the identifier we have already picked 
to identify the protocol in the version information: iris.xpc1.


Crisp mailing list