Re: [kitten] Some test registrations according to draft-ietf-kitten-gssapi-extensions-iana-08.txt

Benjamin Kaduk <kaduk@MIT.EDU> Thu, 30 October 2014 20:16 UTC

Date: Thu, 30 Oct 2014 16:16:04 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Shawn M Emery <shawn.emery@oracle.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/RXiqq98W5CtlN7aewStAwLx_sAQ
Cc: kitten@ietf.org

On Thu, 30 Oct 2014, Shawn M Emery wrote:

> On 10/26/14 06:57 PM, Benjamin Kaduk wrote:
> > On Fri, 17 Oct 2014, Shawn M Emery wrote:
> >
> > > Could folks please review the example registry that we would like to include
> > > in the draft-ietf-kitten-gssapi-extensions-iana draft?
> > >
> > > Thanks,
> > >
> > > Shawn.
> > > --
> > > On 07/24/14 10:47 AM, Alexey Melnikov wrote:
> > > > Bindings: C
> > > > Registration type: Instance
> > > > Object Type: Context-Flag
> > > > Symbol Name: GSS_C_DELEG_FLAG
> > > > Binding of: deleg_state or deleg_req_flag
> > > > Constant Value/Range: 1
> > > > Description: On output (if set): Delegated credentials are available
> > > >               via the delegated_cred_handle
> > > >               parameter of GSS_Accept_sec_context/GSS_Init_sec_context.
> > Er, GSS_Init_sec_context does not have a delegated_cred_handle argument.
>
> Yes, this is confusing, but there are trade-offs with using abbreviated text
> and being thorough in description.  Would something like the following make
> this more clear?:
>
> Description: On output (if set): Delegated credentials are available
>              via the delegated_cred_handle parameter of GSS_Accept_sec_context
>
>              On input (if set): With the call to GSS_Init_sec_context,
>              delegate credentials to the acceptor

That is more clear, yes.  There are still more subtleties that are not
covered by that text (the flag can be set on a GSS_S_CONTINUE_NEEDED
return of GSS_Accept_sec_context, can be set on the initiator's returned
flags, etc.), but those are probably overkill for a registry like this.


> Note that I'm not aware of what field length constraints there are for
> registry entries.

IIRC the download links on the web are just XML files, but there is
probably some other internal representation.

-Ben