IETF Logo Mail Archive

Re: [kitten] [Technical Errata Reported] RFC6680 (4337)

Sam Hartman <hartmans-ietf@mit.edu> Mon, 20 April 2015 16:35 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 812E31A1A4B for <kitten@ietfa.amsl.com>; Mon, 20 Apr 2015 09:35:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fguU2_GMmt0s for <kitten@ietfa.amsl.com>; Mon, 20 Apr 2015 09:35:01 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BBEB1A039C for <kitten@ietf.org>; Mon, 20 Apr 2015 09:35:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 801AE206EB; Mon, 20 Apr 2015 12:34:26 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GqbNxVXg7o9Y; Mon, 20 Apr 2015 12:34:26 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (c-50-177-26-195.hsd1.ma.comcast.net [50.177.26.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Mon, 20 Apr 2015 12:34:26 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 371638188A; Mon, 20 Apr 2015 12:34:53 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Nico Williams <nico@cryptonector.com>
References: <20150418215222.7ABFD180206@rfc-editor.org> <4268E41F-712E-425D-B514-C0023D311462@gmail.com> <tsl7ft7zx9f.fsf@mit.edu> <20150419230843.GP13041@localhost> <tsly4lmyl7i.fsf@mit.edu> <20150420155313.GQ13041@localhost>
Date: Mon, 20 Apr 2015 12:34:53 -0400
In-Reply-To: <20150420155313.GQ13041@localhost> (Nico Williams's message of "Mon, 20 Apr 2015 10:53:15 -0500")
Message-ID: <tsl8udmyd02.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/LsFghfDe_CRivjXUHkPt2vruPiQ>
Cc: "kitten@ietf.org" <kitten@ietf.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, RFC Errata System <rfc-editor@rfc-editor.org>, Sam Hartman <hartmans-ietf@mit.edu>, "leifj@sunet.se" <leifj@sunet.se>
Subject: Re: [kitten] [Technical Errata Reported] RFC6680 (4337)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2015 16:35:02 -0000

>>>>> "Nico" == Nico Williams <nico@cryptonector.com> writes:

    Nico> On Mon, Apr 20, 2015 at 09:37:37AM -0400, Sam Hartman wrote:
    >> Well, I agree that we did think that things might block.

    >> I am less clear that we thought about anything specific that
    >> wouldn't block, and I'm concerned introducing this text implies
    >> there are things that don't block.

    Nico> I always thought that attributes listed in GSS_Inquire_name()
    Nico> wouldn't block: because they are would be "raw" things in
    Nico> Kerberos authorization-data or similar.

I agree that we should write applications assuming they will be fast.
That's very different from non-blocking for reasons including the ones I
already explained: network swap, demand paging over the net, database
lookups for things like nss etc that you'd expect to be fast but
sometimes aren't.

Basically, I don't think the IETF is in a position to say something is
non-blocking because there are many reasonable implementations where
that's simply impossible to implement.
We can talk about whether an application should be prepared for an API
to take a while.
I think that attributes listed in the return from inquire_name are
things an application can assume will be relatively fast compared to
ones not in inquire_name.

v2.23.0 | Report a Bug | By Email