[Fwd: Kitten doc reviews]
Jeffrey Altman <jaltman@secure-endpoints.com> Tue, 07 November 2006 17:04 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GhUNb-0001Rn-Bi; Tue, 07 Nov 2006 12:04:55 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GhUNa-0001Ra-60 for kitten@ietf.org; Tue, 07 Nov 2006 12:04:54 -0500
Received: from ms-smtp-01.rdc-nyc.rr.com ([24.29.109.5]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GhUNX-0004Kh-P8 for kitten@ietf.org; Tue, 07 Nov 2006 12:04:54 -0500
Received: from www.secure-endpoints.com (cpe-68-175-91-105.nyc.res.rr.com [68.175.91.105]) by ms-smtp-01.rdc-nyc.rr.com (8.13.6/8.13.6) with ESMTP id kA7H4mKG007561 for <kitten@ietf.org>; Tue, 7 Nov 2006 12:04:49 -0500 (EST)
Received: from [75.212.58.98] by secure-endpoints.com (Cipher TLSv1:RC4-MD5:128) (MDaemon PRO v9.5.2) with ESMTP id md50000034167.msg for <kitten@ietf.org>; Tue, 07 Nov 2006 12:08:23 -0500
Message-ID: <4550BD7F.1020603@secure-endpoints.com>
Date: Tue, 07 Nov 2006 09:08:15 -0800
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Organization: Secure Endpoints Inc.
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: Kitten <kitten@ietf.org>
X-Enigmail-Version: 0.94.0.0
X-Authenticated-Sender: jaltman@secure-endpoints.com
X-Spam-Processed: www.secure-endpoints.com, Tue, 07 Nov 2006 12:08:23 -0500 (not processed: message from valid local sender)
X-MDRemoteIP: 75.212.58.98
X-Return-Path: jaltman@secure-endpoints.com
X-Envelope-From: jaltman@secure-endpoints.com
X-MDaemon-Deliver-To: kitten@ietf.org
X-Virus-Scanned: Symantec AntiVirus Scan Engine
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 32029c790f79bd4a84a26bd2915c54b9
Cc:
Subject: [Fwd: Kitten doc reviews]
X-BeenThere: kitten@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: jaltman@secure-endpoints.com
List-Id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/kitten>
List-Post: <mailto:kitten@lists.ietf.org>
List-Help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1680134632=="
Errors-To: kitten-bounces@lists.ietf.org
--- Begin Message ---Here are my reviews for you.. -derek draft-ietf-kitten-stackable-pseudo-mechs-02.txt Abstract: This document defines and formalizes the concept of stackable pseudo- mechanisms, and associated concept of composite mechanisms, for the Generic Security Service Application Programming Interface (GSS-API), as well as several utility functions. This first sentence is awkward. I think you should remove the first comma and add a "the", so it reads: ... stackable pseudo-mechanisms and the associated concept ... 3. Mechanism Composition Issues What about mechanism ordering? Security Modules cannot necessarily get transposed, or the ordering matters. Also, send vs. receive order might need to be different. 4.4. Compatibility with the Basic GSS-APIv2u1 Interfaces o Which composite mechanisms, if any, are indicated through GSS_Indicate_mechs() SHOULD be configurable. This reads awkwardly. A better sentence would read: Any composite mechanisms indicated through GSS_Indicate_mechs() SHOULD be configurable. 5.1. New GSS-API Function Interfaces This section looks like it uses the exact same text as 4.4, but just in a paragraph instead of bullet-items. What's the point of that? It also has the same syntactic issue as 4.4: GSS_Indicate_mechs() MAY indicate support for some, all or none of the available composite mechanisms; which composite mechanisms, if any, are indicated through GSS_Indicate_mechs() SHOULD be configurable. should probably get re-written in the same way as 4.4: ... any composite mechanisms indidicated through GSS_Indicate_mechs() SHOULD be configurable. 5.1.4. GSS_Indicate_negotiable_mechs() o peer_type_known BOOLEAN, -- indicates whether the peer is known to support or not supprot the stackable pseudo-mechanism framework. supprot -> support GSS_Inquire_cred()), but composite mechanisms will be included either implicitly or implicitly as per the following rules: "implicitly or implicitly"? I think it should be "explicitly or implicitly" General Comments... This document talks about "rules for mechanism composition" but nowhere does it discuss a way to encode these rules. How do I express these rules? The draft mentions a means to upgrade these rules, but not where these rules need to get stored. draft-ietf-kitten-extended-mech-inquiry-02.txt No Introduction? 3. New GSS-API Interfaces The opening sentence is awkwardly composed. I recommend changing it to: Today GSS-API applications face the problem of how to select from multiple GSS-API mechanisms that may be available. 3.5. New GSS-API Function Interfaces This section uses similar text to the other draft. In particular: support for any stackable pseduo-mechanisms. GSS_Indicate_mechs() MAY indicate support for some, all or none of the available composite mechanisms; which composite mechanisms, if any, are indicated through GSS_Indicate_mechs() SHOULD be configurable. GSS_Acquire_cred() and The 'which' portion should be re-written as suggested for the previous draft. General comments: Again, the document mentions the composition rules but doesn't specify them or how to use them. This document has no security considerations. -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant--- End Message ---
_______________________________________________ Kitten mailing list Kitten@lists.ietf.org https://www1.ietf.org/mailman/listinfo/kitten
- [Fwd: Kitten doc reviews] Jeffrey Altman
- Re: [Fwd: Kitten doc reviews] Nicolas Williams