Re: [kitten] [Technical Errata Reported] RFC6680 (4337)

Alejandro Perez Mendez <> Mon, 20 April 2015 14:55 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 58F401B2E26 for <>; Mon, 20 Apr 2015 07:55:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4ndUlTzR3LkD for <>; Mon, 20 Apr 2015 07:55:48 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id D64E91B2C1E for <>; Mon, 20 Apr 2015 07:55:47 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 472EFD1A2 for <>; Mon, 20 Apr 2015 16:55:46 +0200 (CEST)
X-Virus-Scanned: by antispam in UMU at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with LMTP id 2XQRM6SLR1qp for <>; Mon, 20 Apr 2015 16:55:46 +0200 (CEST)
Received: from [] ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: alex) by (Postfix) with ESMTPSA id 1EFA8CE51 for <>; Mon, 20 Apr 2015 16:55:45 +0200 (CEST)
Message-ID: <>
Date: Mon, 20 Apr 2015 16:55:45 +0200
From: Alejandro Perez Mendez <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
References: <> <> <> <20150419230843.GP13041@localhost> <>
In-Reply-To: <>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [kitten] [Technical Errata Reported] RFC6680 (4337)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 20 Apr 2015 14:55:50 -0000

El 20/04/15 a las 15:37, Sam Hartman escribió:
>>>>>> "Nico" == Nico Williams <> writes:
>      Nico> On Sun, Apr 19, 2015 at 04:19:40PM -0400, Sam Hartman wrote:
>      >> I really don't think we considered blocking when developing 6680.
>      >> I think this is something that if we're going to discuss we need
>      >> a full IETF consensus to say.
>      Nico> I did think about it, though I don't recall specific
>      Nico> on-the-list discussions about it, I'm certain I discussed it
>      Nico> with someone.  In particular I had wanted to consider
>      Nico> UID/GID/SID lookups.  My intention was roughly as per-Ben's
>      Nico> proposed text.
> Well, I agree that we did think that things might block.
> I am less clear that we thought about anything specific that wouldn't
> block, and I'm concerned introducing this text implies there are things
> that don't block.

I agree with Sam's view. How can we assure that something doesn't block 
on a pending network interactions? Is a DNS query a pending network 
interaction? Or retrieving a DTD for XML validation? Or querying a SQL 
database using a connection to localhost. In principle, we could assume 
that any call to the "open/read/write" functions are potentially blocking.

 From my point of view, since the GSS is an API, one might assume the 
caller should not be aware of how each specific call is actually 
implemented. What's the purpose of knowing that something does not 
block? If the purpose is avoiding the caller to wait too much (or even 
forever) for a result, probably the best option would be to allow 
specifying some sort of timeout after which the caller will either 
receive a valid result, or obtain an ERROR (e.g. GSS_C_CALL_TIMEOUT).


> _______________________________________________
> Kitten mailing list