IETF Logo Mail Archive

Re: [kitten] New Version Notification for draft-kaduk-kitten-gss-loop-02.txt (fwd)

Nico Williams <nico@cryptonector.com> Sat, 18 January 2014 06:23 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7D7A1ADEA1 for <kitten@ietfa.amsl.com>; Fri, 17 Jan 2014 22:23:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CWb5wkIQp3cb for <kitten@ietfa.amsl.com>; Fri, 17 Jan 2014 22:23:00 -0800 (PST)
Received: from homiemail-a29.g.dreamhost.com (caiajhbdcaid.dreamhost.com [208.97.132.83]) by ietfa.amsl.com (Postfix) with ESMTP id 9DBF71ADE72 for <kitten@ietf.org>; Fri, 17 Jan 2014 22:23:00 -0800 (PST)
Received: from homiemail-a29.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a29.g.dreamhost.com (Postfix) with ESMTP id EE8B9674060 for <kitten@ietf.org>; Fri, 17 Jan 2014 22:22:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=MgjO69tuJgBKVfCRjlf8 7HPbaaI=; b=dPUHMRt90c3C5XS46giUEEZyUUhGoC39q7MYiGpMsj02WR+1/vIu S5DnupETSP82I9ljAVUtOpffTXWHiJg+fIAosj2Vm1PSggYI4IreJbsdMutv4WIe 5d69pJnaDm0rLyyryLsFyvIBnnwfj2edpHoogWV3lVcEec/gpkvtEjc=
Received: from mail-we0-f170.google.com (mail-we0-f170.google.com [74.125.82.170]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a29.g.dreamhost.com (Postfix) with ESMTPSA id 9CF0C674058 for <kitten@ietf.org>; Fri, 17 Jan 2014 22:22:47 -0800 (PST)
Received: by mail-we0-f170.google.com with SMTP id u57so5379928wes.29 for <kitten@ietf.org>; Fri, 17 Jan 2014 22:22:46 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=wpSC+1gYBjLwV5K45WUmPYjJwwSIdg0nxpHsdjEzmGk=; b=A+TFNw9Zczr1Bx6fZm+TFALq5X/AGUk8DorJJSBNrUsWa75ZfsG1zSGW0KfO/une4M yxKCIv+FeEZE5AZZCLoaDbLboT8RP93izAuOGHTw8FadGDv01uW2WO8Wid7DCDvtQvnZ o5cJPBpyc9MTiSW4+4/56Fl0zkVhNRcz3YHBTWNyuF3dOZPymfuVxQYp1ui+QpRBnMO2 xryFT3isze/lfE1H4fOzTadoAQKQJgG+zdWK+xOD21Ib0TH8xKSeJ/IWn09jFvEkPitO o3txTn8YBgYmzQo6IcOFR1n52HIXOgaEUNZo7l80nL8B6RF/Cj3vLD6h8FYOiLbbS445 Y1uQ==
MIME-Version: 1.0
X-Received: by 10.194.187.101 with SMTP id fr5mr34469wjc.76.1390026166275; Fri, 17 Jan 2014 22:22:46 -0800 (PST)
Received: by 10.217.108.132 with HTTP; Fri, 17 Jan 2014 22:22:46 -0800 (PST)
In-Reply-To: <52D9F4E7.6050205@mit.edu>
References: <20140118010111.326F31ABB3@ld9781.wdf.sap.corp> <52D9F4E7.6050205@mit.edu>
Date: Sat, 18 Jan 2014 00:22:46 -0600
Message-ID: <CAK3OfOj-gHJ5gwA6RnKMomYEuuMUkge4MVKEquqfCXT86buNMQ@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Greg Hudson <ghudson@mit.edu>
Content-Type: text/plain; charset="UTF-8"
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] New Version Notification for draft-kaduk-kitten-gss-loop-02.txt (fwd)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jan 2014 06:23:01 -0000

On Fri, Jan 17, 2014 at 9:28 PM, Greg Hudson <ghudson@mit.edu> wrote:
> On 01/17/2014 08:01 PM, Martin Rex wrote:
>>>> /* It is safe to call gss_release_buffer twice on the same buffer. */
>
>> I hadn't notice this strange comment about gss_release_buffer() before,
>> and I'm voilently opposed, please remove that misleading comment.
>
> The comment in the draft is trying to say that it's okay to call
> gss_release_buffer twice with the same reference to a gss_buffer_desc
> structure, trusting that the first call will put the structure into a
> state where the second call is a no-op.  Unfortunately, RFC 2744 does
> not appear to guarantee this; 5.26 only requires that the length is set
> to 0 after the storage is freed (implementations are merely "encouraged"
> to zero the pointer field), and does not guarantee that a second call
> won't double-free the storage.

RFC2744, section 5.26 requires nothing.  It doesn't say "MUST", and so
on (because RFC2744 doesn't reference RFC2119, of course).  It doesn't
say that the value field will not be set.  Section 3.9.2 seems to
indicate that the value field ought to be set, but only if the buffer
is an output buffer.

> If it is okay for the sample code to rely on this behavior, in spite of
> RFC 2744 not specifying that it is okay, then perhaps the comment should
> be clarified or removed to avoid confusing people like it did Martin.

I would just note that RFC2744 can be interpreted as permitting
gss_release_buffer() implementations to set the length field but not
the value field.  But I'd rather just say that RFC2744 just has a
glaring omission... because that's what it is.

Nico
--

v2.29.0 | Report a Bug | By Email | System Status