IETF Logo Mail Archive

Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv3: request for review

Benjamin Kaduk <kaduk@MIT.EDU> Mon, 04 August 2014 18:13 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 414301A00AE; Mon, 4 Aug 2014 11:13:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CLBsxdzu0G9H; Mon, 4 Aug 2014 11:13:26 -0700 (PDT)
Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 994981A00BA; Mon, 4 Aug 2014 11:13:26 -0700 (PDT)
X-AuditID: 1209190d-f79c06d000002f07-66-53dfcd45e732
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id 5B.41.12039.54DCFD35; Mon, 4 Aug 2014 14:13:25 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id s74IDOsD004443; Mon, 4 Aug 2014 14:13:24 -0400
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s74IDLqb026838 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 4 Aug 2014 14:13:23 -0400
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id s74IDK55029698; Mon, 4 Aug 2014 14:13:20 -0400 (EDT)
Date: Mon, 04 Aug 2014 14:13:20 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Nico Williams <nico@cryptonector.com>
In-Reply-To: <20140804164406.GK3579@localhost>
Message-ID: <alpine.GSO.1.10.1408041411510.21571@multics.mit.edu>
References: <DC941FEB-725A-49E1-8C38-FF765454827C@netapp.com> <alpine.GSO.1.10.1407301239260.21571@multics.mit.edu> <20140801224505.GB3579@localhost> <DB49D4A2-0EFF-4338-8F15-8459EEEBD5E8@netapp.com> <20140804164406.GK3579@localhost>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-559023410-1761750950-1407176000=:21571"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprEKsWRmVeSWpSXmKPExsUixG6nrut69n6wwbomVYujm1exWMx+/4jV 4tS1I2wW0xdZObB4vDx1jtFjyZKfTB4zPn1hC2CO4rJJSc3JLEst0rdL4Mq4u/IPW8FhzorD p04wNTC+ZO9i5OSQEDCRmND0igXCFpO4cG89WxcjF4eQwGwmieN3Z7JCOBsYJbaue8AC4Rxk klh8+gFYu5BAvcTUnw1gNouAlsSaNT+ZQGw2ARWJmW82soHYIgKaEtfnLQWzmQXKJLqntbOC 2MICbhLNr34xg9icAnoSkyZOADuDV8BR4vzpk2wQ818ySlzfHQJiiwroSKzePwWqRlDi5Mwn LBAzAyUWT37LPoFRcBaS1CwkqVmMHEC2mcTCNjuIsLbE/ZttbAsYWVYxyqbkVunmJmbmFKcm 6xYnJ+blpRbpGunlZpbopaaUbmIEBT2nJO8OxncHlQ4xCnAwKvHwCqjdDxZiTSwrrsw9xCjJ waQkyrvzOFCILyk/pTIjsTgjvqg0J7X4EKMEB7OSCG/cKaAcb0piZVVqUT5MSpqDRUmc9621 VbCQQHpiSWp2ampBahFMVoaDQ0mCt/sMUKNgUWp6akVaZk4JQpqJgxNkOA/Q8GiQGt7igsTc 4sx0iPwpRkUpcd5dp4ESAiCJjNI8uF5YUnrFKA70ijBvAUg7DzChwXW/AhrMBDTYTAdscEki QkqqgXHxfUm/WazqQbc/yP49mmR5K+rum60X7r0WqjbW6v7GrfPw5RcvcUWbpzvTfq05s2Zu k+U8yzlneDcvy7/ZmcL14fvhvH17u+3yGaavfeHl09PW9YSFRTL4wsMPPg/3273v5r5+YtcE i0+5q3MvLZE52KfhWvjNyVtdWkjpckJSeemsZ5teTUpXYinOSDTUYi4qTgQAP2izcyUDAAA=
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/RF8mOsKKVmcC7x2t3e7u3zLvB5o
Cc: "kitten@ietf.org" <kitten@ietf.org>, "Adamson, Andy" <William.Adamson@netapp.com>, NFSv4 <nfsv4@ietf.org>
Subject: Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv3: request for review
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Aug 2014 18:13:29 -0000

On Mon, 4 Aug 2014, Nico Williams wrote:

> On Mon, Aug 04, 2014 at 04:38:16PM +0000, Adamson, Andy wrote:
>> On Aug 1, 2014, at 6:45 PM, Nico Williams <nico@cryptonector.com> wrote:
>>>> Why is RPCSEC_GSS_BIND_CHANNEL marked as "not used" in the sample
>>>> code on page 7?  It is not otherwise mentioned in the draft, and the
>>>
>>> Dunno.  It was never marked so in my draft.  Andy?
>>
>> It is marked as “not used” in GSSv3 because GSSv3 provides it’s own channel binding method.
>
> Ah, right, that's a v2 thing.  Thanks for reminding me!

Sorry if this is belaboring the point, but my reading of the text in -08 
is that v3 permits the use of RPCSEC_GSS_BIND_CHANNEL to establish a 
channel over which RPCSEC_GSS_CREATE can be called, and implicitly 
disrecommends the use of this operation for any other use.

-Ben

v2.29.0 | Report a Bug | By Email | System Status