Re: [kitten] Opsdir last call review of draft-ietf-kitten-rfc5653bis-05
Weijun Wang <weijun.wang@oracle.com> Wed, 06 September 2017 05:42 UTC
Return-Path: <weijun.wang@oracle.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB8EA126DD9; Tue, 5 Sep 2017 22:42:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.72
X-Spam-Level:
X-Spam-Status: No, score=-3.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bhvkugw68yl2; Tue, 5 Sep 2017 22:42:16 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EB8D1241F3; Tue, 5 Sep 2017 22:42:13 -0700 (PDT)
Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v865gBC2026705 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 6 Sep 2017 05:42:12 GMT
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id v865gBLD012245 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 6 Sep 2017 05:42:11 GMT
Received: from abhmp0002.oracle.com (abhmp0002.oracle.com [141.146.116.8]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id v865gBMb014211; Wed, 6 Sep 2017 05:42:11 GMT
Received: from dhcp-tokyo-twvpn-1a-vpnpool-10-191-26-59.vpn.oracle.com (/10.191.26.59) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 05 Sep 2017 22:42:10 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Weijun Wang <weijun.wang@oracle.com>
In-Reply-To: <150463800843.29826.6748894127604407016@ietfa.amsl.com>
Date: Wed, 06 Sep 2017 13:42:28 +0800
Cc: ops-dir@ietf.org, kitten@ietf.org, ietf@ietf.org, draft-ietf-kitten-rfc5653bis.all@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <2D53D28B-DCAD-485C-A8E5-182EA9C13F16@oracle.com>
References: <150463800843.29826.6748894127604407016@ietfa.amsl.com>
To: Joe Clarke <jclarke@cisco.com>
X-Mailer: Apple Mail (2.3273)
X-Source-IP: userv0022.oracle.com [156.151.31.74]
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/4pqIoV6y6JcEQImIApIyqUw0hlU>
Subject: Re: [kitten] Opsdir last call review of draft-ietf-kitten-rfc5653bis-05
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Sep 2017 05:42:18 -0000
Hi Joe When I said it's a compatible change, I meant the behavior is compatible, so either initSecContext or acceptSecContext still throws an exception instead of returning KRB-ERROR in a byte array. I know "compatibility" has lots of different meanings. If this method is called directly (not via refection) it will only compile with a new JDK. The program will not run with an old JDK because in Java the class file contains a magic number that increases with each version. This happens before you can see a NoSuchMethodError. If a developer wants an application or library runnable with an old JDK release but also like to benefit from the new method when running with a new release, some kind of reflection (GSSException.class.getMethod) is needed. In this case the developer will certainly be aware that this method might not exist and deal with it carefully. I feel hesitated to add reflection calls to all examples since that will look quite a mess. How about changing the last paragraph of Section 11 1) to something like: New JGSS programs should make use of this new method but it is not mandatory. A program that intends to run with both old and new Java releases can use reflection to check the availability of this new method and call it accordingly. Thanks Max > > On Sep 6, 2017, at 3:00 AM, Joe Clarke <jclarke@cisco.com> wrote: > > Reviewer: Joe Clarke > Review result: Ready > > I have been asked to do an LC review of draft-ietf-kitten-rfc5653bis on behalf > of the ops directorate (OPS-DIR). > > This draft is an update to the Java bindings for the Generic Security Service > API Version 2. > > Overall, this document is READY. It clearly articulates the reason for the > modifications in the Appendix, and the changes feel straight-forward and make > sense in light of the C API capabilities. > > My one concern is the compatibility of this change relative to the previous > RFC5653 bindings. That is, the previous GSSException does not have a > getOutputToken method. The sample application in the draft (section 7) calls > this new method (and I like the same covers the relevant change in this doc). > But what happens if my Java library is the older 5653 version? A > NoSuchMethodError will be thrown, which is not ideal. > > If there is a set of static properties one can check to see if they have the > supported version of the library (and thus the GSSException.getOutputToken() > method exists), then the example should use those, and that process should be > called out in the text. In lieu of that, introspection could be used to > determine if the new method exists in the current library before it is used. > > This is immediately a concern with any API change, but since the appendix > mentions this is a compatible change, I wanted to raise the point. > > _______________________________________________ > Kitten mailing list > Kitten@ietf.org > https://www.ietf.org/mailman/listinfo/kitten
- [kitten] Opsdir last call review of draft-ietf-ki… Joe Clarke
- Re: [kitten] Opsdir last call review of draft-iet… Weijun Wang
- Re: [kitten] Opsdir last call review of draft-iet… Joe Clarke
- Re: [kitten] Opsdir last call review of draft-iet… Weijun Wang
- Re: [kitten] Opsdir last call review of draft-iet… Joe Clarke