Re: comments on java bindings update, draft-ietf-kitten-rfc2853bis-02
Seema Malkani <Seema.Malkani@Sun.COM> Thu, 09 November 2006 21:59 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GiHva-0007cQ-EJ; Thu, 09 Nov 2006 16:59:18 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GiHvZ-0007bt-OE for kitten@ietf.org; Thu, 09 Nov 2006 16:59:17 -0500
Received: from nwk-ea-fw-1.sun.com ([192.18.42.249]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GiHvU-0002LQ-0R for kitten@ietf.org; Thu, 09 Nov 2006 16:59:17 -0500
Received: from d1-sfbay-10.sun.com ([192.18.39.120]) by nwk-ea-fw-1.sun.com (8.13.6+Sun/8.12.9) with ESMTP id kA9Lx6hE003842 for <kitten@ietf.org>; Thu, 9 Nov 2006 13:59:06 -0800 (PST)
Received: from conversion-daemon.d1-sfbay-10.sun.com by d1-sfbay-10.sun.com (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) id <0J8H00101GXX2S00@d1-sfbay-10.sun.com> (original mail from Seema.Malkani@Sun.COM) for kitten@ietf.org; Thu, 09 Nov 2006 13:59:06 -0800 (PST)
Received: from [129.145.128.115] by d1-sfbay-10.sun.com (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPSA id <0J8H000J3H2G7RPD@d1-sfbay-10.sun.com>; Thu, 09 Nov 2006 13:59:06 -0800 (PST)
Date: Thu, 09 Nov 2006 13:58:58 -0800
From: Seema Malkani <Seema.Malkani@Sun.COM>
In-reply-to: <E6F31331-D44A-4599-AC98-2AD748A81B66@mit.edu>
To: Ken Raeburn <raeburn@MIT.EDU>
Message-id: <4553A4A2.3060809@Sun.COM>
MIME-version: 1.0
Content-type: text/plain; format="flowed"; charset="ISO-8859-15"
Content-transfer-encoding: 7bit
X-Accept-Language: en-us, en
References: <E6F31331-D44A-4599-AC98-2AD748A81B66@mit.edu>
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7) Gecko/20041221
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 48472a944c87678fcfe8db15ffecdfff
Cc: kitten@ietf.org
Subject: Re: comments on java bindings update, draft-ietf-kitten-rfc2853bis-02
X-BeenThere: kitten@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Seema.Malkani@Sun.COM
List-Id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/kitten>
List-Post: <mailto:kitten@lists.ietf.org>
List-Help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
Errors-To: kitten-bounces@lists.ietf.org
Thanks for the review, Ken.
Ken Raeburn wrote On 11/07/06 18:56,:
> Jeff was complaining because not enough people had reviewed the java
> bindings, so I took a look. Not that I'm any great expert on Java,
> but I do okay with English and sometimes even with GSSAPI...
>
> The abstract says in part:
>
> This document
> updates the Java bindings for the GSS-API that are specified in
> "Generic Security Service API version 2 : Java Bindings" (RFC2853).
> This document obsoletes RFC2853 by making specific and incremental
> clarifications and corrections to it in response to
> identification of
> transcription errors and implementation experience. The note-worthy
> changes are in sections 4.12.1, 6.2.2, 6.3.2, and 6.8.1 of RFC2853,
> which are replaced by the sections 5.12.1, 7.2.2, 7.3.2, and
> 7.8.1 of
> this document, where numerical constants were either added or
> modified.
>
> But aside from this, I didn't see a detailed description of just
> what's changed from the previous version. (I didn't go back and
> check the email archives though.) A non-normative section listing
> the changes from RFC 2853 would've been helpful.
The Abstract has a summary of changes, listing the specific section
updates. Would a list of changes in an Appendix section at the end of
the draft be helpful ?
>
> So I poked at the two versions with Emacs a bit, stripping out page
> headers and footers and line breaks and comparing what was left. I
> think my list covers everything changed, and I've got comments on
> some of the changes:
>
> * minor grammatical fixes, basic text changes in the intro relating
> to this being an update
>
> * changes to various number assignments, new status codes added
The GSS status code update is the one of the significant update to RFC
2853. The GSS error code values use for GSS exceptions were incorrect in
the original RFC 2853.
>
> * description of some error codes as returned only during context
> establishment is duplicated in initial list of status codes, not just
> buried toward the back of the document
RFC 2853 defined the GSS error codes in section 4.12.1. The Static
constants defined in Java class are listed in section 6.8.1
RFC 2853 update now defines the GSS error codes in section 5.12.1, and
static constants in section 7.8.1
>
> * reordered entries in some tables
GSS error code values have been updated, that resulted in the
re-ordering to be sequential.
>
> * added labels "Figure 3" through "Figure 9" to various tables,
> though the labels aren't always on the same page as the table being
> labeled (e.g., "Figure 3" at the top of page 32, describing the table
> that's on page 31); where are Figures 1 and 2? Can the labels just
> go away?
RFC 2853 was written in text format, hence labeling was easier to add.
And now RFC 2853 Update has been written in XML format, the labeling
comes from the standard xml tags.
>
> * java syntax tweaks (array parameters, missing return types)
>
> * specify values for INITIATE_AND_ACCEPT and friends in a bunch of
> places (isn't one enough?), where they weren't specified at all in
> rfc2853
RFC 2853 defined the Credential usage Static constants in section 6.3.2,
but missed defining the usage values.
This draft defines the Credential usage values in section 7.3.2
>
> * status code values being specified in a couple of places now
> (5.12.1, 7.8.1); I didn't check for consistency
GSS status code values in RFC 2853 were not consistent. The draft now
defines in GSS error code values that are consistent.
>
> * change NT_HOSTBASED_SERVICE OID value from the deprecated value to
> the current one (as described in the C bindings in RFC 2744); the new
> version has a typo ("Unites States", which is also present in RFC 2744)
This needs to be fixed, I'll make the update.
{ iso(1) member-body(2) United States(840) mit(113554) infosys(1)
gssapi(2) generic(1) service_name(4) }
>
> * change text describing lifetime constants from "must be set to..."
> to "value of constant is..."
This update defines the recommended value.
>
> * clarify GSSCredential.getUsage() to say it return the flag "as a
> union over all mechanisms". I assume this means the union of all
> functionality in each of the mechanisms, so initiate-only for one and
> accept-only for another means you get INITIATE_AND_ACCEPT back?
This needs to be fixed, it should be:
Returns the credential usage flag. The return value will be one of
GSSCredential.INITIATE_ONLY, GSSCredential.ACCEPT_ONLY, or
GSSCredential.INITIATE_AND_ACCEPT.
I'll make the update.
>
> * added some missing references
>
> * flattened some sections, like:
> - old: 6.4.3 initSecContext, 6.4.3.1 example code for 6.4.3, 6.4.4
> initSecContext, 6.4.4.1 example code for 6.4.4, 6.4.5
> acceptSecContext, 6.4.5.1 example code for 6.4.5, ...
> - new: 7.4.3 initSecContext, 7.4.4 example code for 7.4.3, 7.4.5
> initSecContext, 7.4.6 example code for 7.4.5, 7.4.7 acceptSecContext,
> 7.4.8 example code for 7.4.7
>
> I think I like the old structure better, personally. Some of the
> bits of example code are small enough that I think you could just
> merge them into the preceding sections. It's a pretty minor point,
> though.
>
> * removed duplicated parameter names in descriptions in getMIC
> description in (old) 6.4.15
>
> * added required IANA Considerations section, even though there are
> no such considerations
This was required, as mentioned by IETF chair Jeffrey Altman.
>
> * corrected name of References section
>
> * updated IPR & Copyright, new authors' addresses
>
> * inserted the usual "conventions used in this document" section,
> before the introduction (resulting in a renumbering of sections
> through the whole document), even though the key words described
> there are not actually used in the document; I haven't checked the
> rules, but I would hope we can omit it in that case
The keywords defined in the Normative References are used in the draft.
Can you clarify what keyword are you referring to ?
>
> RFC 2744 inconsistencies notwithstanding, I think this spec should
> use consistent style for specifying OID values. Is it "iso(1)" or "1
> (iso)"?
RFC 4120, RFC 2744, RFC2743 all define iso(1). This draft follows the
same. Is this not the correct style ?
>
> So, I've mentioned above things that were changed and some minor
> issues I spotted looking at the changes. I haven't actually *read
> through* the new version in all its 105-page glory, so far. But most
> of the changes seem strictly mechanical (section renumbering) or
> localized, so I think it's safe to say the new version is at least as
> good as the old one, with a few minor issues noted above.
>
> Ken
>
Seema
_______________________________________________
Kitten mailing list
Kitten@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten
- comments on java bindings update, draft-ietf-kitt… Ken Raeburn
- Re: comments on java bindings update, draft-ietf-… Seema Malkani
- Re: comments on java bindings update, draft-ietf-… Jeffrey Altman
- Re: comments on java bindings update, draft-ietf-… Jeffrey Hutzelman