IETF Logo Mail Archive

Re: [kitten] RFC2743 errata 4251

Jeffrey Hutzelman <jhutz@cmu.edu> Wed, 14 January 2015 21:12 UTC

Return-Path: <jhutz@cmu.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFE941A9071 for <kitten@ietfa.amsl.com>; Wed, 14 Jan 2015 13:12:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XKERqUma5c4V for <kitten@ietfa.amsl.com>; Wed, 14 Jan 2015 13:12:56 -0800 (PST)
Received: from smtp03.srv.cs.cmu.edu (smtp03.srv.cs.cmu.edu [128.2.217.202]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FF191A906C for <kitten@ietf.org>; Wed, 14 Jan 2015 13:12:55 -0800 (PST)
Received-SPF: none (cmu.edu: No applicable sender policy available) receiver=smtp03.srv.cs.cmu.edu; identity=mailfrom; envelope-from="jhutz@cmu.edu"; helo="[128.2.193.239]"; client-ip=128.2.193.239
Received: from [128.2.193.239] (minbar.fac.cs.cmu.edu [128.2.193.239]) (authenticated bits=0) by smtp03.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id t0ELCo3g016785 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 14 Jan 2015 16:12:51 -0500 (EST)
Message-ID: <1421269970.18482.184.camel@minbar.fac.cs.cmu.edu>
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Nico Williams <nico@cryptonector.com>
Date: Wed, 14 Jan 2015 16:12:50 -0500
In-Reply-To: <20141220001633.GD12662@localhost>
References: <alpine.GSO.1.10.1411241330400.19231@multics.mit.edu> <20141124185114.GM3200@localhost> <alpine.GSO.1.10.1412091618550.23489@multics.mit.edu> <20141209215519.GI12979@localhost> <alpine.GSO.1.10.1412091856160.23489@multics.mit.edu> <20141210002441.GP12979@localhost> <alpine.GSO.1.10.1412101349030.23489@multics.mit.edu> <548F185E.70701@mit.edu> <5492032F.9050607@mit.edu> <20141217230505.GD9443@localhost> <20141220001633.GD12662@localhost>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.2.3-0ubuntu6
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-Scanned-By: mimedefang-cmuscs on 128.2.217.202
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/8V7hxUQxHe0Yd_50egj6z4jZGWo>
Cc: kitten@ietf.org, jhutz@cmu.edu
Subject: Re: [kitten] RFC2743 errata 4251
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jan 2015 21:12:58 -0000

On Fri, 2014-12-19 at 18:16 -0600, Nico Williams wrote:
> On further thought, since context deletion tokens are obsoleted, and
> have been for a long time, we might as well say nothing about
> GSS_S_COMPLETE implying that the peer is done using its side of the
> security context.  The GSS_S_FAILURE case, however, still kinda leads to
> the caller being done.
> 
> OLD PROPOSED TEXT
> |      Though future GSS-API extensions may add new uses of asynchronous
> |      security context tokens and ways to process them, applications
> |      using the GSS-API version 2, update 1, should generally call
> |      GSS_Delete_sec_context() after calling GSS_Process_context_token(),
> |      when the latter returns GSS_S_COMPLETE or GSS_S_FAILURE.
> 
> NEW:
> |      Applications should generally call GSS_Delete_sec_context() when
> |      GSS_Process_context_token() returns GSS_S_FAILURE.

FWIW, I agree with Greg that it's not reasonable to assume, or suggest
that applications assume, that all asynchronous context tokens are
deletion tokens or mean that the context is now dead.  So, the above
change is an improvement.

However, after reading this thread, I'm not convinced we need to give
applications any guidance about calling GSS_Delete_sec_context after
processing a context token.  Nico thinks that saying "generally" makes
it OK, but I disagree.  The word "generally" here isn't an effective
weasel word; it's a particle.  If you describe what the exceptions are,
you don't need it, and if you don't, then it doesn't do you any good.
Implementors are going to read the text as if the word wasn't there.


I think it is worth noting that if we start giving new implementation
guidance to applications in an erratum, people who read it will assume
it must be important and start doing that, because otherwise, why did we
go out of our way to publish an erratum?


The purpose of errata is to fix technical or editorial errors and
omissions in the existing spec.  They are not for changing the spec or
offering new guidance.  We should stick to doing the former, and leave
the latter for a new or updated document, if it's necessary.

-- Jeff

v2.23.0 | Report a Bug | By Email