Re: [kitten] New Version Notification for draft-kaduk-kitten-gss-loop-01.txt (fwd)
Benjamin Kaduk <kaduk@MIT.EDU> Tue, 26 November 2013 03:22 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 533491AE103 for <kitten@ietfa.amsl.com>; Mon, 25 Nov 2013 19:22:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level:
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SYs3YBXCRRqh for <kitten@ietfa.amsl.com>; Mon, 25 Nov 2013 19:22:56 -0800 (PST)
Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) by ietfa.amsl.com (Postfix) with ESMTP id 6DF091ADFEF for <kitten@ietf.org>; Mon, 25 Nov 2013 19:22:56 -0800 (PST)
X-AuditID: 12074425-b7fd96d000000c39-f7-5294140fa118
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id 6E.ED.03129.F0414925; Mon, 25 Nov 2013 22:22:56 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id rAQ3MsVG021882; Mon, 25 Nov 2013 22:22:55 -0500
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id rAQ3Mq1e024215 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 25 Nov 2013 22:22:54 -0500
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id rAQ3MqIa022720; Mon, 25 Nov 2013 22:22:52 -0500 (EST)
Date: Mon, 25 Nov 2013 22:22:52 -0500
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Greg Hudson <ghudson@MIT.EDU>
In-Reply-To: <528D431C.5020803@mit.edu>
Message-ID: <alpine.GSO.1.10.1311251702430.27579@multics.mit.edu>
References: <alpine.GSO.1.10.1311201407400.23560@multics.mit.edu> <alpine.GSO.1.10.1311201733070.23560@multics.mit.edu> <528D431C.5020803@mit.edu>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrCIsWRmVeSWpSXmKPExsUixG6nrisgMiXI4IqNxdHNq1gcGD2WLPnJ FMAYxWWTkpqTWZZapG+XwJVx5OIN1oLTohXLj+xkbmDcINjFyMkhIWAicbTvKSuELSZx4d56 ti5GLg4hgdlMEgeaP0E5Gxkljp35wwjhHGKSONY/jRXCaWCUWHaiiRGkn0VAW+L6zxksIDab gIrEzDcb2UBsEQFFid8r34LVMAsIS6w/N4MZxBYWiJX41bOKHcTmFFCX2Hp/PlicV8BRYvv2 J0wQCyYxStz7NxWsSFRAR2L1/iksEEWCEidnPmGBGGop8W/tL9YJjIKzkKRmIUktYGRaxSib klulm5uYmVOcmqxbnJyYl5dapGuhl5tZopeaUrqJERyYLqo7GCccUjrEKMDBqMTDK9E5OUiI NbGsuDL3EKMkB5OSKO9f/ilBQnxJ+SmVGYnFGfFFpTmpxYcYJTiYlUR4Xe8DlfOmJFZWpRbl w6SkOViUxHlvcdgHCQmkJ5akZqemFqQWwWRlODiUJHiFhYGGChalpqdWpGXmlCCkmTg4QYbz AA13FgKq4S0uSMwtzkyHyJ9iVJQS53UHaRYASWSU5sH1whLHK0ZxoFeEeVeAtPMAkw5c9yug wUxAg7uMQK4uLklESEk1MB5L02s9lS2gHV8jLH32wqH7d5/G8qpvYndZaf07Nf6V58Eb7Cx2 /hK950Qm8Tt8jtzyKe7YBH8pvZuropUNWo+3rzy26WjTjdPLFLcc22/ffMFoz79qu6JyHUWV LS4dT8reHYo2+Pn7B/fpKfrtv9S7f77pZvXLmGcRJufv/Z3/3cJdUeaJnUosxRmJhlrMRcWJ ABnX5En3AgAA
Cc: kitten@ietf.org
Subject: Re: [kitten] New Version Notification for draft-kaduk-kitten-gss-loop-01.txt (fwd)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Nov 2013 03:22:58 -0000
On Wed, 20 Nov 2013, Greg Hudson wrote: > On 11/20/2013 05:45 PM, Benjamin Kaduk wrote: > >> The send_token()/receive_token() routines are not very good examples. >> It is probably better to rewrite them to use sendmsg/recvmsg with >> socketpair, which also eliminates the need to add framing with the token >> length. > > I think the RFC should only include the do_initiator() and do_acceptor() > functions. The sample code does not need to compile and run, only > demonstrate how the API should be used and be a reasonable starting > point for cut and paste. Adding questionable framing code runs the risk > of people actually using it, and adding solid framing code would be too > much verbiage. release_buffer() is needed, of course, unless we get rid > of it somehow (perhaps by assuming that receive_token will free what's > already there, and then just calling free() in cleanup). How would you feel about having stub routines send_token()/receive_token() which are just comments indicating what an implementation of them should do? My original intention in including these routines was in fact to have sample code that would compile (and maybe run, if the mechanism supports nameless initiators), to make it as clear as possible what was necessary for an application implementation. Subsequent discussion has convinced me that (as you say) including an actual implementation of those routines is unwise, but I would still like to be as explicit as possible what is necessary for applications. A stub routine with comment seems like it could be more clear than just a call to an unimplemented routine with an argument 'readfd' or 'writefd'. I will still have an implementation locally, so that I can test the sample code -- it wouldn't do to include buggy sample code. > I would rather see anonymous handled as a runtime parameter than an > #ifdef, which is distracting. We had previously discussed having separate sample code for the anonymous and non-anonymous case, but as I was writing it seemed like the differences were so small that duplicating everything was not worth it. However, I still wanted to make clear that if an application did not care about supporting anonymous initiators, the code in question could be removed; using a preprocessor conditional seemed the clearest way to do so. I don't think the sense of "this code can be entirely removed" is as clear with a C-level conditional. > "if ((ret_flags & GSS_C_ANON_FLAG) != GSS_C_ANON_FLAG)" can be > simplified to "if (!(ret_flags & GSS_C_ANON_FLAG))", and similarly > elsewhere. This is true. If you think it is more clear to write it that way, I guess I can change it for the next revision. -Ben
- [kitten] New Version Notification for draft-kaduk… Benjamin Kaduk
- Re: [kitten] New Version Notification for draft-k… Benjamin Kaduk
- Re: [kitten] New Version Notification for draft-k… Greg Hudson
- Re: [kitten] New Version Notification for draft-k… Martin Rex
- Re: [kitten] New Version Notification for draft-k… Benjamin Kaduk
- Re: [kitten] New Version Notification for draft-k… Martin Rex
- Re: [kitten] New Version Notification for draft-k… Martin Rex
- Re: [kitten] New Version Notification for draft-k… Benjamin Kaduk
- Re: [kitten] New Version Notification for draft-k… Benjamin Kaduk
- Re: [kitten] New Version Notification for draft-k… Martin Rex
- Re: [kitten] New Version Notification for draft-k… Nico Williams
- Re: [kitten] New Version Notification for draft-k… Nico Williams
- Re: [kitten] New Version Notification for draft-k… Jeffrey Hutzelman
- Re: [kitten] RFC 2744 Appendix A erratum Benjamin Kaduk
- Re: [kitten] RFC 2744 Appendix A erratum Martin Rex
- Re: [kitten] New Version Notification for draft-k… Jeffrey Hutzelman
- Re: [kitten] New Version Notification for draft-k… Nico Williams
- Re: [kitten] New Version Notification for draft-k… Benjamin Kaduk
- Re: [kitten] New Version Notification for draft-k… Nico Williams
- Re: [kitten] New Version Notification for draft-k… Benjamin Kaduk