Re: [kitten] draft-ietf-kitten-kerberos-iana-registries -- KerberosFlags limited to 0..31?

Greg Hudson <ghudson@MIT.EDU> Mon, 21 July 2014 14:43 UTC

Return-Path: <ghudson@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 081AA1A00DB for <kitten@ietfa.amsl.com>; Mon, 21 Jul 2014 07:43:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.202
X-Spam-Level:
X-Spam-Status: No, score=-1.202 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zfAKVE0z7tzL for <kitten@ietfa.amsl.com>; Mon, 21 Jul 2014 07:43:28 -0700 (PDT)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A43C11A000F for <kitten@ietf.org>; Mon, 21 Jul 2014 07:43:27 -0700 (PDT)
X-AuditID: 1209190e-f79946d000007db1-7d-53cd270ed8e8
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id FB.DF.32177.E072DC35; Mon, 21 Jul 2014 10:43:26 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id s6LEhP8a024152; Mon, 21 Jul 2014 10:43:25 -0400
Received: from [18.101.8.166] (vpn-18-101-8-166.mit.edu [18.101.8.166]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s6LEhMW9025608 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 21 Jul 2014 10:43:24 -0400
Message-ID: <53CD270A.4030102@mit.edu>
Date: Mon, 21 Jul 2014 10:43:22 -0400
From: Greg Hudson <ghudson@MIT.EDU>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Rick van Rein <rick@openfortress.nl>, tlyu@mit.edu, kitten@ietf.org
References: <93975EF5-D151-417E-8043-6B54D36FD9DC@openfortress.nl>
In-Reply-To: <93975EF5-D151-417E-8043-6B54D36FD9DC@openfortress.nl>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/eBxRVjKtRlksn6Z8kwGTv9cHTyI
Subject: Re: [kitten] draft-ietf-kitten-kerberos-iana-registries -- KerberosFlags limited to 0..31?
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jul 2014 14:43:31 -0000

On 07/21/2014 05:03 AM, Rick van Rein wrote:
> I was surprised to learn that draft-ietf-kitten-kerberos-iana-registries-03 defines
>> 6.1.  AP-REQ options
>>    Valid values:       ASN.1 bit numbers 0 through 31
[...]

I believe this is in deference to implementations which store flag
values in fixed 32-bit flags.  For example, in MIT krb5:

* krb5_flags is a 32-bit integer type.
* A krb5_flags field representing ticket flags is included in krb5_creds.
* krb5_creds is used in several core public APIs such as
krb5_get_credentials.

Although RFC 4120 has a well-specified means of encoding larger flag
values over the wire, there would still be a significant implementation
cost to using larger bit values over the wire.

If the IETF decides that this implementation cost is warranted, the
standards action which assigns the flag value could amend the registry
to accommodate it.
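The two points above, that RFC 4120 can carry flag bits beyond 31 on the wire but a 32-bit flag word cannot hold them, are shown in the following added example. It is illustration code written for this page, not MIT krb5 code; the DER BIT STRING layout (tag 0x03, length, unused-bits octet, then content with ASN.1 bit 0 as the most significant bit of the first content octet) and the 32-bit minimum follow RFC 4120 section 5.2.8, while the mapping of ASN.1 bit n to 1u << (31 - n) in the 32-bit word is an assumption taken from MIT's public constants (KDC_OPT_FORWARDABLE == 0x40000000 is ASN.1 bit 1). The flag bit sets used in the self-test are constructed sample input.

```c
/* Added example, not MIT krb5 code: DER encode/decode of RFC 4120
 * KerberosFlags, plus a 32-bit "krb5_flags"-style view of the result.
 * Assumption: ASN.1 bit n <-> (1u << (31 - n)) in the 32-bit word, as in
 * MIT krb5's public constants (KDC_OPT_FORWARDABLE == 0x40000000 is bit 1). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KRB_FLAGS_MIN_BITS 32   /* RFC 4120 5.2.8: "no fewer than 32" bits sent */

typedef uint32_t krb5_flags_t;  /* stand-in for MIT's 32-bit krb5_flags */

/* Registry (ASN.1) bit number -> bit in the 32-bit word. Only 0..31 fit. */
krb5_flags_t asn1_bit_to_krb5_flag(unsigned bitnum)
{
    return bitnum < 32 ? (1u << (31 - bitnum)) : 0;
}

/* Encode the given ASN.1 bit numbers as a DER BIT STRING: the minimum
 * number of bits covering the highest set bit, but never fewer than 32.
 * Returns the total encoded length, or 0 on error. */
size_t kerberos_flags_encode(const unsigned *bits, size_t nbits,
                             uint8_t *out, size_t outlen)
{
    unsigned highest = 0;
    for (size_t i = 0; i < nbits; i++)
        if (bits[i] > highest) highest = bits[i];
    size_t bitlen = highest + 1;
    if (bitlen < KRB_FLAGS_MIN_BITS) bitlen = KRB_FLAGS_MIN_BITS;
    size_t nbytes = (bitlen + 7) / 8;
    uint8_t unused = (uint8_t)(nbytes * 8 - bitlen);   /* trailing pad bits */
    if (nbytes + 1 > 127) return 0;                    /* short-form length only */
    size_t total = 2 + 1 + nbytes;
    if (outlen < total) return 0;
    out[0] = 0x03;                    /* BIT STRING tag */
    out[1] = (uint8_t)(1 + nbytes);   /* unused-bits octet + content octets */
    out[2] = unused;
    memset(out + 3, 0, nbytes);
    for (size_t i = 0; i < nbits; i++)
        out[3 + bits[i] / 8] |= (uint8_t)(0x80 >> (bits[i] % 8)); /* bit 0 = MSB */
    return total;
}

/* Decode a DER KerberosFlags value into a 32-bit word.  Returns the number
 * of bits on the wire, or 0 if the encoding is malformed.  Bits 0..31 land
 * in *flags; *overflow is set when any bit numbered 32 or higher is set,
 * i.e. the value cannot be represented in 32-bit storage at all. */
size_t kerberos_flags_decode(const uint8_t *in, size_t inlen,
                             krb5_flags_t *flags, int *overflow)
{
    if (inlen < 3 || in[0] != 0x03 || (in[1] & 0x80)) return 0;
    size_t len = in[1];
    if (len < 1 || inlen < 2 + len) return 0;
    uint8_t unused = in[2];
    size_t nbytes = len - 1;
    if (unused > 7 || (nbytes == 0 && unused != 0)) return 0;
    if (unused && (in[2 + nbytes] & ((1u << unused) - 1))) return 0; /* DER: pad bits zero */
    const uint8_t *c = in + 3;
    uint8_t w[4] = {0, 0, 0, 0};                /* shorter-than-32-bit input reads as zeros */
    memcpy(w, c, nbytes < 4 ? nbytes : 4);
    *flags = ((uint32_t)w[0] << 24) | ((uint32_t)w[1] << 16) |
             ((uint32_t)w[2] << 8) | (uint32_t)w[3];
    *overflow = 0;
    for (size_t i = 4; i < nbytes; i++)
        if (c[i]) *overflow = 1;
    return nbytes * 8 - unused;
}

/* Runs both cases discussed in the thread on constructed input.
 * Returns 0 on success, otherwise the number of the first failing check. */
int kerberos_flags_selftest(void)
{
    uint8_t buf[16];
    krb5_flags_t f;
    int overflow;

    /* Case 1: forwardable (bit 1) + renewable (bit 8): exactly 32 bits. */
    unsigned small[] = {1, 8};
    size_t n = kerberos_flags_encode(small, 2, buf, sizeof buf);
    static const uint8_t want1[] = {0x03, 0x05, 0x00, 0x40, 0x80, 0x00, 0x00};
    if (n != sizeof want1 || memcmp(buf, want1, n) != 0) return 1;
    if (kerberos_flags_decode(buf, n, &f, &overflow) != 32) return 2;
    if (f != 0x40800000u || overflow) return 3;

    /* Case 2: bit 33 set: legal on the wire (34 bits, 6 pad bits), but it
     * does not fit a 32-bit flag word, so the decoder reports overflow. */
    unsigned big[] = {1, 33};
    n = kerberos_flags_encode(big, 2, buf, sizeof buf);
    static const uint8_t want2[] = {0x03, 0x06, 0x06, 0x40, 0x00, 0x00, 0x00, 0x40};
    if (n != sizeof want2 || memcmp(buf, want2, n) != 0) return 4;
    if (kerberos_flags_decode(buf, n, &f, &overflow) != 34) return 5;
    if (f != 0x40000000u || !overflow) return 6;
    return 0;
}

int main(void)
{
    uint8_t buf[16];
    unsigned bits[] = {1, 33};
    size_t n = kerberos_flags_encode(bits, 2, buf, sizeof buf);
    for (size_t i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf("\nselftest: %d\n", kerberos_flags_selftest());
    return 0;
}
```

The encoder sends a fifth content octet only when a bit at or above 32 is set, which is the wire side that RFC 4120 already specifies; the decoder's overflow flag is the implementation side of the problem, since a krb5_flags-style word has nowhere to put that bit and every API that passes krb5_creds around would have to grow to carry it.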