[Fwd: Kitten doc reviews]
Jeffrey Altman <jaltman@secure-endpoints.com> Tue, 07 November 2006 17:04 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GhUNb-0001Rn-Bi; Tue, 07 Nov 2006 12:04:55 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GhUNa-0001Ra-60 for kitten@ietf.org; Tue, 07 Nov 2006 12:04:54 -0500
Received: from ms-smtp-01.rdc-nyc.rr.com ([24.29.109.5]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GhUNX-0004Kh-P8 for kitten@ietf.org; Tue, 07 Nov 2006 12:04:54 -0500
Received: from www.secure-endpoints.com (cpe-68-175-91-105.nyc.res.rr.com [68.175.91.105]) by ms-smtp-01.rdc-nyc.rr.com (8.13.6/8.13.6) with ESMTP id kA7H4mKG007561 for <kitten@ietf.org>; Tue, 7 Nov 2006 12:04:49 -0500 (EST)
Received: from [75.212.58.98] by secure-endpoints.com (Cipher TLSv1:RC4-MD5:128) (MDaemon PRO v9.5.2) with ESMTP id md50000034167.msg for <kitten@ietf.org>; Tue, 07 Nov 2006 12:08:23 -0500
Message-ID: <4550BD7F.1020603@secure-endpoints.com>
Date: Tue, 07 Nov 2006 09:08:15 -0800
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Organization: Secure Endpoints Inc.
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: Kitten <kitten@ietf.org>
X-Enigmail-Version: 0.94.0.0
X-Authenticated-Sender: jaltman@secure-endpoints.com
X-Spam-Processed: www.secure-endpoints.com, Tue, 07 Nov 2006 12:08:23 -0500 (not processed: message from valid local sender)
X-MDRemoteIP: 75.212.58.98
X-Return-Path: jaltman@secure-endpoints.com
X-Envelope-From: jaltman@secure-endpoints.com
X-MDaemon-Deliver-To: kitten@ietf.org
X-Virus-Scanned: Symantec AntiVirus Scan Engine
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 32029c790f79bd4a84a26bd2915c54b9
Cc:
Subject: [Fwd: Kitten doc reviews]
X-BeenThere: kitten@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: jaltman@secure-endpoints.com
List-Id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/kitten>
List-Post: <mailto:kitten@lists.ietf.org>
List-Help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1680134632=="
Errors-To: kitten-bounces@lists.ietf.org
--- Begin Message ---
Here are my reviews for you..
-derek
draft-ietf-kitten-stackable-pseudo-mechs-02.txt
Abstract:
This document defines and formalizes the concept of stackable pseudo-
mechanisms, and associated concept of composite mechanisms, for the
Generic Security Service Application Programming Interface (GSS-API),
as well as several utility functions.
This first sentence is awkward. I think you should remove the first
comma and add a "the", so it reads: ... stackable pseudo-mechanisms and
the associated concept ...
3. Mechanism Composition Issues
What about mechanism ordering? Security Modules cannot necessarily
get transposed, or the ordering matters. Also, send vs. receive order
might need to be different.
4.4. Compatibility with the Basic GSS-APIv2u1 Interfaces
o Which composite mechanisms, if any, are indicated through
GSS_Indicate_mechs() SHOULD be configurable.
This reads awkwardly. A better sentence would read:
Any composite mechanisms indicated through GSS_Indicate_mechs()
SHOULD be configurable.
5.1. New GSS-API Function Interfaces
This section looks like it uses the exact same text as 4.4, but
just in a paragraph instead of bullet-items. What's the point
of that? It also has the same syntactic issue as 4.4:
GSS_Indicate_mechs()
MAY indicate support for some, all or none of the available composite
mechanisms; which composite mechanisms, if any, are indicated through
GSS_Indicate_mechs() SHOULD be configurable.
should probably get re-written in the same way as 4.4:
... any composite mechanisms indidicated through GSS_Indicate_mechs()
SHOULD be configurable.
5.1.4. GSS_Indicate_negotiable_mechs()
o peer_type_known BOOLEAN, -- indicates whether the peer is known to
support or not supprot the stackable pseudo-mechanism framework.
supprot -> support
GSS_Inquire_cred()), but composite mechanisms will be included either
implicitly or implicitly as per the following rules:
"implicitly or implicitly"? I think it should be "explicitly or implicitly"
General Comments...
This document talks about "rules for mechanism composition" but
nowhere does it discuss a way to encode these rules. How do I express
these rules? The draft mentions a means to upgrade these rules, but
not where these rules need to get stored.
draft-ietf-kitten-extended-mech-inquiry-02.txt
No Introduction?
3. New GSS-API Interfaces
The opening sentence is awkwardly composed. I recommend changing it to:
Today GSS-API applications face the problem of how to select from
multiple GSS-API mechanisms that may be available.
3.5. New GSS-API Function Interfaces
This section uses similar text to the other draft. In particular:
support for any stackable pseduo-mechanisms. GSS_Indicate_mechs()
MAY indicate support for some, all or none of the available composite
mechanisms; which composite mechanisms, if any, are indicated through
GSS_Indicate_mechs() SHOULD be configurable. GSS_Acquire_cred() and
The 'which' portion should be re-written as suggested for the previous
draft.
General comments:
Again, the document mentions the composition rules but doesn't
specify them or how to use them.
This document has no security considerations.
--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
--- End Message ---
_______________________________________________ Kitten mailing list Kitten@lists.ietf.org https://www1.ietf.org/mailman/listinfo/kitten
- [Fwd: Kitten doc reviews] Jeffrey Altman
- Re: [Fwd: Kitten doc reviews] Nicolas Williams