Re: draft-ietf-kitten-rfc2853bis-02 review

Seema Malkani <Seema.Malkani@Sun.COM> Wed, 07 February 2007 00:21 UTC

Date: Tue, 06 Feb 2007 16:21:40 -0800
From: Seema Malkani <Seema.Malkani@Sun.COM>
In-reply-to: <45C3A94D.1090707@sun.com>
To: Shawn M Emery <Shawn.Emery@Sun.COM>
Message-id: <45C91B94.9030106@Sun.COM>
References: <45C3A94D.1090707@sun.com>
Cc: kitten@ietf.org
Subject: Re: draft-ietf-kitten-rfc2853bis-02 review

Shawn M Emery wrote On 02/02/07 13:12,:

>
> As promised at IETF-68, here is my review of this draft.  I apologize 
> for not doing this sooner.
>
> Overall comments:
>
> Does this draft need to obsolete RFC 2853, but rather just contain the
> corrections/clarifications based from RFC 2743? I think that most of
> the people looking at this document are going to be those who already
> have existing class libraries and will want to know what exactly should
> be changed.

This draft does need to obsolete RFC 2853. The GSS error codes were 
misaligned in the spec, which need to be fixed.

>
> Are there any issues where garbage collection may be indeterministic
> enough for freeing sensitive data?

No. The GC will sweep all objects not referenced. If you are concerned 
about any sensitive data, we do provide API where applicable. For 
instance, we provide an API dispose() to release any system resources.

>
> 4. Additional Controls
> -- 
> Optional services list needs delimiters of item and its definition.
>
> 5.2 Provider Framework
> -- 
> Add comma here:
>
> functionality to the components obtained from providers, the GSS-API
> can be extended to support an arbitrary list of mechanisms.

Will fix it.

>
>
> 5.14 Channel Bindings
> -- 
>
> The channel binding mechanism example is out-dated. Refer to:
> draft-ietf-kitten-gssapi-channel-bindings-02.txt

This draft does not change the Channel Bindings structure. Extensions to 
GSS will be covered separately.

>
> 6.3 GSSCredential interface
> -- 
>
> Should we consider draft-ietf-kitten-gssapi-store-cred-02.txt here/now? 

All GSS extensions will be covered separately.

Thanks,
Seema
