Re: [kitten] Use of GSS_Get_name_attribute() to obtain further attributes

Alejandro Perez Mendez <alex@um.es> Thu, 16 April 2015 18:52 UTC

On 15/04/15 at 21:59, Nico Williams wrote:
> On Mon, Apr 13, 2015 at 11:43:59AM -0400, Benjamin Kaduk wrote:
>> I do not think I am opposed to (1) (i.e., letting GSS_Get_name_attribute()
>> block on network interaction), but if we proceed down that route, I think
>> we should file an erratum against 6880 to that effect.
> I do not think that RFC6680 says or implies that only those attributes
> listed by GSS_Inquire_name() may be gotten with
> GSS_Get_name_attribute(), so to start with, we don't need to change
> anything about RFC6680 w.r.t. that.
>
> As for what blocking/non-blocking behavior can be expected, I'd say:
>
> a) GSS_Inquire_name() can never "block",
> b) GSS_Get_name_attribute() can, and whether it can should depend on the
>     attribute being gotten, and preferably this is described by the
>     attribute's documentation.

I agree with this view.

Regards,
Alejandro

> For the latter, see draft-williams-kitten-generic-naming-attributes-02,
> which describes a generic attribute prefix by which the application can
> request non-blocking behavior (which can fail if whatever data is not
> available).
>
> Nico