Re: [kitten] draft-ietf-kitten-rfc5653bis-02 review
Thomas Maslen <Thomas.Maslen@software.dell.com> Wed, 11 February 2015 03:54 UTC
Return-Path: <Thomas.Maslen@software.dell.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D8E91A00F5 for <kitten@ietfa.amsl.com>; Tue, 10 Feb 2015 19:54:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3UGOgprXXTbP for <kitten@ietfa.amsl.com>; Tue, 10 Feb 2015 19:54:20 -0800 (PST)
Received: from amersmtp2.software.dell.com (amersmtp2.software.dell.com [12.106.87.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98FA01A1B7E for <kitten@ietf.org>; Tue, 10 Feb 2015 19:54:18 -0800 (PST)
Received: from amersmtp2.software.dell.com (127.0.0.1) id hrb96o0171sd for <kitten@ietf.org>; Tue, 10 Feb 2015 19:54:17 -0800 (envelope-from <Thomas.Maslen@software.dell.com>)
Received: from ALVHTXW01.prod.quest.corp ([10.1.135.17]) by amersmtp2.software.dell.com (SonicWALL 8.0.7.2831) with ESMTPS (version=TLSv1 cipher=AES128-SHA bits=128/128) id 201502110354170206853; Tue, 10 Feb 2015 19:54:17 -0800
Received: from ALVMBXW02.prod.quest.corp ([fe80::b862:2ecd:1237:d875]) by ALVHTXW01.prod.quest.corp ([::1]) with mapi id 14.03.0224.002; Tue, 10 Feb 2015 19:54:17 -0800
From: Thomas Maslen <Thomas.Maslen@software.dell.com>
To: "kitten@ietf.org" <kitten@ietf.org>
Thread-Topic: [kitten] draft-ietf-kitten-rfc5653bis-02 review
Thread-Index: AQHQRZiqtINAbwvb/kCw227JtWH+lA==
Date: Wed, 11 Feb 2015 03:54:17 +0000
Message-ID: <D5847DD823005F4E9DB94FE77DCEDF68319E4B4C@ALVMBXW02.prod.quest.corp>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.1.104.156]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mlf-Version: 8.0.7.2831
X-Mlf-UniqueId: o201502110354170206853
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/LXfUqw6IyzZMQoBLkWUnNT2wN0s>
X-Mailman-Approved-At: Tue, 10 Feb 2015 20:02:41 -0800
Subject: Re: [kitten] draft-ietf-kitten-rfc5653bis-02 review
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2015 03:54:23 -0000
On 10 Feb 2015 18:40:25 +0800, Wang Weijun <weijun.wang@oracle.com> wrote (in response to one of Ben's review comments): > [...] > I will spend some time talking with my colleagues on your opinions on stream-based methods. For whatever it's worth... I agree with most of what Ben wrote in his review, particularly the long-standing text he flagged in RFC 2853 / 5653 / rfc5653bis which seems to assume that all tokens -- not just initial tokens -- received by GSSContext.initSecContext() and GSSContext.acceptSecContext() use the mechanism-independent token format. However, I don't agree with this comment in the review: >> [...] >> Since this essentially involves generating byte-array tokens everywhere >> and generating single-use streams from them, it makes me wonder what >> utility the stream forms of these routines provide. I believe that the "Since this essentially involves generating byte-array tokens everywhere" premise isn't really true, and I believe that the stream-based methods are definitely useful and don't need to be revisited. (Aside: now that I have read the sample code in RFC 2853 et seq for the stream-based methods, I see what led Ben to believe that this essentially involves generating byte-array tokens everywhere, but I believe that's just a problem with the usefulness of the sample code, not a problem with the usefulness of the stream-based methods). To me the stream-based methods are the fundamental form, whereas the byte-array methods are just convenience methods: they provide a convenient but less efficient alternative, and it wouldn't have been a tragedy if RFC 2853 had omitted the byte-array methods and included only the stream-based methods. Since I regard the byte-array methods as just convenience methods, I think that it's nice if they can provide all the same functionality as the stream-based methods but it definitely isn't a requirement -- to me it's OK if the byte-array methods don't support some more arcane cases. Given that, my reaction to the rfc5653bis drafts is similar (I think) to Greg Hudson's comment on 1 Feb 2015: the stream-based methods already kinda sorta provide a way to do this -- write the error token to the OutputStream, then throw the GSSException. For me it's fine that only the stream-based methods support this and the byte-array methods don't, but I understand that others may differ, including of course Weijun. w.r.t. the main change in the rfc5653bis drafts (i.e. adding the getOutputToken() method to GSSException), ideally I would like to see some tweaks: (1) In the updated example code for the stream-based methods, the "sendToken(new ByteArrayOutputStream(outTok));" code in the catch-block is bogus (and also won't compile), right? (2) [Perhaps someone already mentioned this one, maybe Greg?] The stream-based methods now have two ways that they could convey an error token: either write it to the OutputStream or return it in the GSSException (but not both, I trust). I didn't notice any text that specifies (a) what the JGSS implementation is required to do (and not do) w.r.t. this, and (b) what the calling code should / shouldn't expect, but perhaps I overlooked it. Would the rule be "If the implementation is generating an error token, it must never write any bytes to the OutputStream, and must always return the token in the GSSException", or something else? (3) GSSException is used throughout the JGSS API: http://docs.oracle.com/javase/7/docs/api/org/ietf/jgss/class-use/GSSException.html but I assume that the only places where GSSException.getOutputToken() can be non-null (and calling code should handle it) are after the two initSecContext() methods and the two acceptSecContext() methods -- right? That's more or less implicit in the current draft, but could the section 6.8 intro and / or section 6.8.7 be a bit more explicit that getOutputToke() is only pertinent to initSecContext() and acceptSecContext() ? ... but none of them are anywhere close to being "over my dead body" issues. Overall, given a choice between RFC 5653 and the current rfc5653bis drafts, my 0.02 would be just to keep RFC 5653 as-is, but again that's just a mild preference.
- Re: [kitten] draft-ietf-kitten-rfc5653bis-02 revi… Thomas Maslen
- Re: [kitten] draft-ietf-kitten-rfc5653bis-02 revi… Greg Hudson
- Re: [kitten] draft-ietf-kitten-rfc5653bis-02 revi… Thomas Maslen
- Re: [kitten] draft-ietf-kitten-rfc5653bis-02 revi… Benjamin Kaduk
- Re: [kitten] draft-ietf-kitten-rfc5653bis-02 revi… Thomas Maslen
- Re: [kitten] draft-ietf-kitten-rfc5653bis-02 revi… Benjamin Kaduk