Re: Determining a token's mechanism
Dennis Glatting <dennisg@sickly.cybersafe.com> Tue, 25 April 1995 18:54 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa08908; 25 Apr 95 14:54 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa08904; 25 Apr 95 14:54 EDT
Received: from pad-thai.cam.ov.com by CNRI.Reston.VA.US id aa17727; 25 Apr 95 14:54 EDT
Received: from MIT.EDU by pad-thai.cam.ov.com (8.6.12/) with SMTP id <OAA21692@pad-thai.cam.ov.com>; Tue, 25 Apr 1995 14:22:42 -0400
Received: from kerby.ocsg.com by MIT.EDU with SMTP id AA21642; Tue, 25 Apr 95 13:51:56 EDT
Received: from sickly.cybersafe.com (sickly.cybersafe.com [192.156.168.11]) by kerby.ocsg.com (8.6.12/8.6.11, dpg hack 11mar95) with SMTP id KAA23975; Tue, 25 Apr 1995 10:51:50 -0700
Received: by sickly.cybersafe.com (NX5.67d/NX3.0S) id AA22370; Tue, 25 Apr 95 10:51:48 -0700
Date: Tue, 25 Apr 1995 10:51:48 -0700
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Dennis Glatting <dennisg@sickly.cybersafe.com>
Message-Id: <9504251751.AA22370@sickly.cybersafe.com>
Received: by NeXT.Mailer (1.100)
Received: by NeXT Mailer (1.100)
To: John Linn <linn@cam.ov.com>
Subject: Re: Determining a token's mechanism
Cc: cat-ietf@mit.edu
> Date: Tue, 25 Apr 1995 13:20:48 -0400 > From: John Linn <linn@cam.ov.com> > > Dennis writes: > > >What value does SPKM_Parse_token() offer the > >application programmer? How would it be used? > > Not sure what to say over/above the discussion in Sec. 6 of > draft-ietf-cat-spkmgss-02.txt. Do you have areas from > that section's treatment of usage and rationale in mind > as needing clarification or improvement? > That section assumes all tokens are encoded with an OID and a token type identifier. The GSS-API does not make that a requirement thereby making the SPKM_Parse_token()'s utility as a general purpose GSS-API function dubious. Further, SPKM_Parse_token()'s function is to aid demultiplexing tokens which is only useful in a limited context. The function SPKM_Parse_token() is useful if you have a single context for a given mechanism and are blindly exchanging tokens after a context is established. However, many application protocols know what is being exchanged and how to process the data thereby mitigating the need to interrogate GSS-API tokens. Further, those application protocols may have to encapsulate GSS-API tokens to indicate length. Why not a type indicator too? When we look away from mechanism exclusivity and tokens sent blindly across a connection to multiple mechanism contexts across one or more connections then the utility of SPKM_Parse_token() is lost. For these reasons I do not believe a GSS-API variant of SPKM_Parse_token() is useful to the application programmer. My questions stand. -dpg
- Re: Determining a token's mechanism Dennis Glatting
- Re: Determining a token's mechanism Marc Horowitz
- Re: Determining a token's mechanism John Linn
- Re: Determining a token's mechanism Dennis Glatting
- Determining a token's mechanism John Linn
- Re: Determining a token's mechanism Doug Rosenthal
- Re: Determining a token's mechanism Dan Nessett