IETF Logo Mail Archive

Re: [kitten] RFC2743 errata 4251

Greg Hudson <ghudson@mit.edu> Mon, 15 December 2014 18:09 UTC

Return-Path: <ghudson@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDBDB1A8718 for <kitten@ietfa.amsl.com>; Mon, 15 Dec 2014 10:09:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aazkYgTYSRLZ for <kitten@ietfa.amsl.com>; Mon, 15 Dec 2014 10:09:52 -0800 (PST)
Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D88051A8712 for <kitten@ietf.org>; Mon, 15 Dec 2014 10:09:50 -0800 (PST)
X-AuditID: 12074425-f798e6d000000d1a-b7-548f23edd025
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id 15.77.03354.DE32F845; Mon, 15 Dec 2014 13:09:49 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id sBFI9hj4005248; Mon, 15 Dec 2014 13:09:44 -0500
Received: from [18.101.8.106] (vpn-18-101-8-106.mit.edu [18.101.8.106]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id sBFI9fON014447 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 15 Dec 2014 13:09:42 -0500
Message-ID: <548F23E5.1020401@mit.edu>
Date: Mon, 15 Dec 2014 13:09:41 -0500
From: Greg Hudson <ghudson@mit.edu>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Nico Williams <nico@cryptonector.com>
References: <20141108014820.3278A1AFAB@ld9781.wdf.sap.corp> <20141110162504.GA3412@localhost> <alpine.GSO.1.10.1411241330400.19231@multics.mit.edu> <20141124185114.GM3200@localhost> <alpine.GSO.1.10.1412091618550.23489@multics.mit.edu> <20141209215519.GI12979@localhost> <alpine.GSO.1.10.1412091856160.23489@multics.mit.edu> <20141210002441.GP12979@localhost> <alpine.GSO.1.10.1412101349030.23489@multics.mit.edu> <548F185E.70701@mit.edu> <20141215175033.GF3241@localhost>
In-Reply-To: <20141215175033.GF3241@localhost>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrGIsWRmVeSWpSXmKPExsUixCmqrftWuT/E4PMCdYujm1exWJy6doTN gcnj5alzjB5LlvxkCmCK4rJJSc3JLEst0rdL4Mp4sUmnYK5Qxd1PF9kaGP/wdTFyckgImEi0 v3nPCmGLSVy4t56ti5GLQ0hgMZPE7iWfmSGcjYwSjW+fMUI4R5gkDmz5CZTh4OAVUJOYdccP pJtFQFVi2673TCA2m4CyxPr9W1lASkQFwiSmLuUBCfMKCEqcnPmEBcQWEdCUuD5vKRuIzSxg LHGpZz3YEcJA8Z1fb7FCrLrBLNH4+RoTyBxOAT2JlhNlEPV6Ejuu/2KFsOUlmrfOZp7AKDgL yYpZSMpmISlbwMi8ilE2JbdKNzcxM6c4NVm3ODkxLy+1SNdCLzezRC81pXQTIyh42V1UdzBO OKR0iFGAg1GJhzeCsS9EiDWxrLgy9xCjJAeTkiivgkJ/iBBfUn5KZUZicUZ8UWlOavEhRgkO ZiURXncZoBxvSmJlVWpRPkxKmoNFSZx30w++ECGB9MSS1OzU1ILUIpisDAeHkgTvIyWgRsGi 1PTUirTMnBKENBMHJ8hwHqDhJ0FqeIsLEnOLM9Mh8qcYFaXEedeDJARAEhmleXC9sOTyilEc 6BVh3nMgVTzAxATX/QpoMBPQ4MuMPSCDSxIRUlINjJFPT32qSYp6J2MbMcuK/8v2dz8DZtf+ tWz1UuELOs+240t9yrOg6zkadqbpch8mPxE8d/aa8QzF27OjN67uKzhhvU32oM//64qfe+X0 U/Z27FovqjJBe9G8y8bvxR7KXN7xe/K6dRcqXj6u7nq9IUftjG8MvxcT14dfYrXOajyivCsm iyzhtFBiKc5INNRiLipOBADaHirdCQMAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/lQrTgr7BB5p8704Yl9hOjJuKu48
Cc: kitten@ietf.org
Subject: Re: [kitten] RFC2743 errata 4251
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Dec 2014 18:10:00 -0000

On 12/15/2014 12:50 PM, Nico Williams wrote:
>> (To be clear: saying that applications must eventually call
>> GSS_Delete_sec_context() is fine; saying that they should do so
>> immediately after a GSS_S_COMPLETE from GSS_Process_context_token() is
>> not fine.)
[...]
> Therefore the caller of GSS_Process_context_token(), while they can
> continue to process per-msg tokens from the peer, has to get around to
> calling GSS_Delete_sec_context().

I think I acknowledged above that it must do so eventually (that is, it
must not assume that calling GSS_Process_context token discharged its
responsibility to release the context, despite the lack of a
GSS_Delete_sec_context call by the client in the RFC 2743 section 1
narrative).

> In v2u1, the peer has indicated that it can't continue, so
> calling GSS_Wrap() and GSS_GetMIC() does the app no good[**].

I don't think that is really specified in RFC 2743.  Section 2.2.4 says
"one use..." and then "another use..." but doesn't say that's a
comprehensive list of context token types.  If the authors had intended
for these two uses to be a comprehensive list, I would have expected
more specific language than "impact on context-level state information"
in the preceding sentence.

> Thus also the very specific reference to a GSS-API version (v2u1): it's
> quite true that a GSS-APIv2u1 application could not properly handle a v3
> extension that uses async context tokens.  What could a v2u1 application
> possibly do to properly handle such an extension?  How could it interpret
> the major/minor status codes (other than GSS_S_DEFECTIVE_TOKEN) from
> GSS_Process_context_token() to determine whether the app should
> continue?  If it can't, then how could it decide whether to keep going
> instead of getting around to calling GSS_Delete_sec_context()?

It can try to keep going, and terminate the context when it runs into an
error or a transport-level or application-level closure.  I think this
is the right behavior to encourage given the text in RFC 2743.

> A GSS-APIv2u1 app just has to end up calling GSS_Delete_sec_context()
> when GSS_Process_context_token() returns either GSS_S_COMPLETE or
> GSS_S_FAILURE -- and "soon" after, too.

I don't see a compelling reason to encourage doing so "soon" after a
GSS_S_COMPLETE.

v2.23.0 | Report a Bug | By Email