Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv3: request for review

Benjamin Kaduk <kaduk@MIT.EDU> Mon, 04 August 2014 20:01 UTC

Date: Mon, 04 Aug 2014 16:01:15 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Nico Williams <nico@cryptonector.com>
In-Reply-To: <20140804180946.GR3579@localhost>
Message-ID: <alpine.GSO.1.10.1408041555210.21571@multics.mit.edu>
References: <DC941FEB-725A-49E1-8C38-FF765454827C@netapp.com> <alpine.GSO.1.10.1407301239260.21571@multics.mit.edu> <20140801055401.GA7409@localhost> <8FD0C272-6FD3-44FE-BD3D-BAB220E0FF13@netapp.com> <20140801221535.GA3579@localhost> <DDC64AA5-C2B4-404A-A864-212A3A3AECF1@netapp.com> <20140804180946.GR3579@localhost>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; boundary="-559023410-1280839398-1407182342=:21571"
Content-ID: <alpine.GSO.1.10.1408041559090.21571@multics.mit.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/-hu8UJVKnYKV4NsviNtw2gUqNNE
Cc: "kitten@ietf.org" <kitten@ietf.org>, "Adamson, Andy" <William.Adamson@netapp.com>, NFSv4 <nfsv4@ietf.org>
Subject: Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv3: request for review
Precedence: list

On Mon, 4 Aug 2014, Nico Williams wrote:

> On Mon, Aug 04, 2014 at 04:55:57PM +0000, Adamson, Andy wrote:
>> On Aug 1, 2014, at 6:15 PM, Nico Williams <nico@cryptonector.com> wrote:
>>> (Was "multi-principal" my name for this?  No, I called them compound
>>> authentication.  I prefer "compound”.)
>>
>> Hi NIco
>>
>> I changed the name from ‘compound’ to multi-principal’ in response
>> the review comments at IETF 89 where many NFSv4 WG members expressed
>> that ‘compound’ had too many meanings (especially in NFSv4.x) and
>> led to confusion.
>
> "Compound" is used as an adjective in all cases.  I don't see how
> "compound authentication" (or "compound context handle", ...) is
> confusable with "compound RPC".  But this isn't important enough to me;
> aligning the terminology with AFS' rxgk is.  Ben, what does rxgk call
> this?

If I remember correclty from the talk from Toronto, Andy was not quite so 
keen to align with rxgk, but that may have been based on incomplete data.

Anyway, for rxgk, we don't talk very much about the actual ~compound 
token; the operation itself is CombineTokens or AFSCombineTokens, with the 
latter being the operation which is analogous to the rpcsec case.  The 
AFSCombineTokens case is a little convoluted, since rxgk-afs 
differentiates between "vlserver tokens" (roughly analogous to the MDS) 
and "fileserver tokens" (analogous to the DS).  AFSCombineTokens takes 
vlserver tokens as input and produces fileserver tokens as output, so a 
lot of the time they are just referred to as "fileserver tokens".

There are a couple places where we refer to the CombineTokens output as a 
"combined token", which is I think what you're looking for as an answer. 
That doesn't look like it translates very nicely to the rpcsec case, 
though. :(

-Ben

[kitten] draft-ietf-nfsv4-rpcsec-gssv3: request f… Adamson, Andy
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… J. Bruce Fields
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… J. Bruce Fields
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Adamson, Andy
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Adamson, Andy
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Adamson, Andy
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… J. Bruce Fields
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Adamson, Andy
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Adamson, Andy
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Adamson, Andy
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Adamson, Andy
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Adamson, Andy
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Adamson, Andy
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Nico Williams
[kitten] rpcsec-gssv3 multi-principal authenticat… Benjamin Kaduk
Re: [kitten] rpcsec-gssv3 multi-principal authent… Benjamin Kaduk
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… Nico Williams
Re: [kitten] rpcsec-gssv3 multi-principal authent… Adamson, Andy
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… J. Bruce Fields
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… Nico Williams
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… J. Bruce Fields
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… Benjamin Kaduk
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… Nico Williams
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… J. Bruce Fields
Re: [kitten] rpcsec-gssv3 multi-principal authent… Benjamin Kaduk
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… Benjamin Kaduk
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… Nico Williams
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… Adamson, Andy
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… Nico Williams
Re: [kitten] [nfsv4] rpcsec-gssv3 multi-principal… Adamson, Andy
Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv… Benjamin Kaduk