Re: [kitten] GSS-API and timeouts

Nico Williams <nico@cryptonector.com> Wed, 04 April 2012 17:31 UTC

On Wed, Apr 4, 2012 at 12:20 PM, Simon Josefsson <simon@josefsson.org> wrote:
> Nico Williams <nico@cryptonector.com> writes:
>
>> If you don't want to tackle async init/accept_sec_context now then I
>> suggest that you use threads and thread cancellation.
>
> And not have any timeout in the implementation of the mechanism itself?

Right.  Why not?  You'd have to have cancellation handlers and so on,
but then, proper pthread use requires it anyways.  Not that anyone
bothers making libraries cancel-safe -- it's a lot of work, and
pthread_cancel() is rarely ever used.

On the other hand, both MIT and Heimdal have added the sorts of
interfaces you proposed without any standardization effort, so nothing
should stop you from doing the same.

My problem with global settings is that they are global, but we know
we have apps that load libraries that load libraries that load
libraries that use GSS such that we end up having multiple GSS apps in
one process.  This is why I dislike global settings.  My solution,
when I get around to finishing it, will be a variant of the "pgss"
proposal... (if you'd like to review the design you can, it's in my
'pgss' branch of my github Heimdal fork).

Nico
--
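
The thread-plus-cancellation timeout discussed in this message, as an added example that is not part of the original post or of any GSS implementation: a worker thread makes a blocking call and the caller cancels it at a deadline, with a cleanup handler releasing what the call held. `sleep()` stands in for the blocking context-establishment call, and `struct job`, `release_state`, `worker` and `run_with_timeout` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

/* Shared by caller and worker. All names here are hypothetical. */
struct job {
    unsigned stall_s;            /* how long the stand-in call blocks */
    void *state;                 /* resource held while the call runs */
    int done, cleaned;
    pthread_mutex_t mu; pthread_cond_t cv;
};
/* Cleanup handler: runs on normal completion and on cancellation. */
static void release_state(void *arg) {
    struct job *j = arg;
    free(j->state);
    j->state = NULL;
    j->cleaned = 1;
}
static void *worker(void *arg) {
    struct job *j = arg;
    j->state = malloc(64);
    pthread_cleanup_push(release_state, j);
    sleep(j->stall_s);           /* stand-in for the blocking call; a cancellation point */
    pthread_mutex_lock(&j->mu);
    j->done = 1;
    pthread_cond_signal(&j->cv);
    pthread_mutex_unlock(&j->mu);
    pthread_cleanup_pop(1);      /* also run the handler on the normal path */
    return NULL;
}

/* Returns 0 if the call finished in time, 1 if it was cancelled, -1 on error. */
int run_with_timeout(struct job *j, unsigned timeout_s) {
    pthread_t t;
    struct timespec dl;
    void *ret = NULL;
    int rc = pthread_mutex_init(&j->mu, NULL) || pthread_cond_init(&j->cv, NULL);
    j->done = j->cleaned = 0;
    clock_gettime(CLOCK_REALTIME, &dl);
    dl.tv_sec += timeout_s;      /* absolute deadline for pthread_cond_timedwait */
    if (rc || pthread_create(&t, NULL, worker, j) != 0) return -1;
    pthread_mutex_lock(&j->mu);
    while (!j->done && rc == 0) rc = pthread_cond_timedwait(&j->cv, &j->mu, &dl);
    if (!j->done) pthread_cancel(t);   /* deadline passed: request cancellation */
    pthread_mutex_unlock(&j->mu);
    pthread_join(t, &ret);             /* handler has run by the time join returns */
    return ret == PTHREAD_CANCELED ? 1 : 0;
}
```

Cancellation is deferred by default and only acted on at cancellation points, so every resource held across such a point needs a handler like `release_state` for the code to be cancel-safe.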