Re: [kitten] Updating IANA krb5 GSSAPI token type registry
mrex@sap.com (Martin Rex) Wed, 07 August 2013 18:54 UTC
Return-Path: <mrex@sap.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B918221F9D4F for <kitten@ietfa.amsl.com>; Wed, 7 Aug 2013 11:54:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.249
X-Spam-Level:
X-Spam-Status: No, score=-10.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8N+vK5YhoWAe for <kitten@ietfa.amsl.com>; Wed, 7 Aug 2013 11:54:02 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id CFD8521E8088 for <kitten@ietf.org>; Wed, 7 Aug 2013 11:54:00 -0700 (PDT)
Received: from mail05.wdf.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id r77Irwq3016470 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 7 Aug 2013 20:53:58 +0200 (MEST)
In-Reply-To: <alpine.GSO.1.10.1308062018070.24720@multics.mit.edu>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Date: Wed, 07 Aug 2013 20:53:58 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20130807185358.263CC1A8EE@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: kitten@ietf.org
Subject: Re: [kitten] Updating IANA krb5 GSSAPI token type registry
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2013 18:54:07 -0000
Benjamin Kaduk wrote: > Martin, Luke, thanks for looking these up, it saved a bunch of time. > > I see that draft-ietf-krb-wg-gssapi-cfx-02 (which became RFC4121) had 0405 > for the context deletion token, but this was removed in the -03 in favor > of not emitting such tokens. I just found another one: http://tools.ietf.org/html/rfc2743#page-84 04 01 exported name (token) created by gss_export_name() In case that anyone is wondering what "per-message token without generic framing" means: GSS-API defines a mechanism-independent Token Format in rfc-2743, section 3.1 http://tools.ietf.org/html/rfc2743#page-81 (originally in GSS-API v1, rfc-1508, Appendix B) http://tools.ietf.org/html/rfc1508#page-48 which must be used for the _initial_context_token_, This "generic framing" is originally defined as ASN.1, but the description in rfc2743, section 3.1 also describes that framing as bits-on-the-wire, so that it can be implemented without ASN.1 tools. There is _no_ requirement in the base gssapi specification for mechanisms what framing or format to use for others but the initia context token (i.e. the 1st token from Initiator to Acceptor) or for per-message tokens. The Kerberos gssapi mechanism (rfc1964) decided to use the generic framing for _all_ context tokens, and in addition, for _all_ per message tokens as well. The update of the Kerberos gssapi mechanism (rfc4121) dropped the generic framing on the per-message tokens, making the TOKEN_ID the fist two octets to appear in rfc4121 per-message tokens. -Martin
- [kitten] I-D Action: draft-ietf-kitten-iakerb-00.… internet-drafts
- Re: [kitten] I-D Action: draft-ietf-kitten-iakerb… Benjamin Kaduk
- [kitten] Updating IANA krb5 GSSAPI token type reg… Benjamin Kaduk
- Re: [kitten] I-D Action: draft-ietf-kitten-iakerb… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Tom Yu
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Martin Rex
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Luke Howard
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Martin Rex
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Luke Howard
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Simo Sorce
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Jeffrey Hutzelman
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Martin Rex
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Simo Sorce
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Sam Hartman
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Jeffrey Hutzelman
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Shawn M Emery
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Sam Hartman
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Jeffrey Hutzelman
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Sam Hartman