Re: [kitten] RFC2743 errata 4251

Nico Williams <nico@cryptonector.com> Tue, 09 December 2014 21:55 UTC

Date: Tue, 09 Dec 2014 15:55:24 -0600
From: Nico Williams <nico@cryptonector.com>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/mG0iN9-MIQAhkXya6eo7H_tOEI4
Cc: kitten@ietf.org
Subject: Re: [kitten] RFC2743 errata 4251

On Tue, Dec 09, 2014 at 04:36:41PM -0500, Benjamin Kaduk wrote:
> On Mon, 24 Nov 2014, Nico Williams wrote:
> >   It should say:
> >
> >      o  GSS_S_FAILURE indicates that the context is recognized, but
> >      either the GSS_Process_context_token() operation could not be
> >      performed for reasons unspecified at the GSS-API level, or the peer
> >      had an error consuming the last context token sent to it (when the
> 
> I might make the parenthetical be a new sentence,

Maybe.

>                                             [...], and reword it slightly
> to:

This is just the re-write of the parenthetical?

> In order for errors from the peer to be conveyed as input context tokens
> to GSS_Process_context_token() (as opposed to one of the
> context-establishment calls GSS_Init_sec_context() or
> GSS_Accept_sec_context()), the local side must already have been fully
> established but the remote peer's side not established.

How about:
                                                    [...], or the peer
   had an error consuming the last context token sent to it.  [insert here]

                                                              The latter
   occurs when the local side became fully established upon producing
   one last context token that then triggered an error on the remote
   peer.  In either case the minor status code...

> >      local side must have been fully established but the peer hadn't yet
> >      been).  In either case the minor status code provides additional
> >      information.
> >
> >      In the case of successful processing of error tokens, the minor
> >      status code provides information from the input token.  The display
> >      string outputs of GSS_Display_status() as applied to such minor
> >      status codes should indicate this, but note that there is no way to
> 
> "this" is vague.  How about "that the error originated on the remote peer,
> along with the nature of the error"?

Agreed.

> At this point, the sentence is getting a bit long, so breaking before "but
> note" and just starting a new sentence with "Note" may be in order.

Agreed.

> >      distinguish failures of GSS_Process_context_token() from error
> >      token information other than to read the human-readable status
> >      display strings.  Since status display strings are not machine-
> >      readable, there is no way to programmatically make this
> >      distinction.
> 
> Again about "this".

Well, the following word ('distinction') relates to the previous
sentence's 'distinguish', so I think it's safe.  We could just... remove
that last sentence and be done: it adds nothing[*].

[*] So why did I write it in the first place?

Nico
--