Re: [kitten] Clarification of gss_add_cred() behavior
Viktor Dukhovni <viktor1dane@dukhovni.org> Thu, 19 March 2015 19:40 UTC
Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4788E1A8BC0 for <kitten@ietfa.amsl.com>; Thu, 19 Mar 2015 12:40:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hkG7MLcTv_My for <kitten@ietfa.amsl.com>; Thu, 19 Mar 2015 12:40:04 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D1771A8BC1 for <kitten@ietf.org>; Thu, 19 Mar 2015 12:40:04 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id C4079283011; Thu, 19 Mar 2015 19:40:02 +0000 (UTC)
Date: Thu, 19 Mar 2015 19:40:02 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: kitten@ietf.org
Message-ID: <20150319194002.GG4309@mournblade.imrryr.org>
References: <20150319025202.GB8099@localhost> <alpine.GSO.1.10.1503191446260.3953@multics.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <alpine.GSO.1.10.1503191446260.3953@multics.mit.edu>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/r1CQx0S24nQL7toNBgusPqsathY>
Subject: Re: [kitten] Clarification of gss_add_cred() behavior
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: kitten@ietf.org
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2015 19:40:06 -0000
On Thu, Mar 19, 2015 at 02:48:44PM -0400, Benjamin Kaduk wrote: > > I think this must have been a drafting error. It's obvious to me, but > > maybe someone has a very different opinion as to this (Martin?). > > But a GSS credential can only represent a single identity ("entity", see > 1.1.1.1)! Identities are represented by (non-mechanism) names, so it is > not clear to me that this is a drafting error. If you know what name you > want credentials for, you should use it. The situation as I understand it is as follows. 1. gss_add_cred() is intended to build a credential handle *incrementally*, adding credentials one mechanism at a time. Either for a default name, or for an explicit name that agrees with any previous credentials in the input handle. 2. For this interface to be useful, the initial state one must be able to start with an empty credential handle and build up from there. This presumably is specified via a NULL input credential, and still the same name for which one wants creds. 3. So how are the desired "name" and "mech" used when going from no creds (NULL input handle) to a handle with a first credential element? 4. The text says that a default credential handle is implicitly constructed with GSS_C_NO_NAME, and we add to that! But what if the acquired default credential has a conflicting name, and potentially already has elements for the same or other mechanisms? What is that text really trying to say, and why? -- Viktor.
- [kitten] Clarification of gss_add_cred() behavior Nico Williams
- Re: [kitten] Clarification of gss_add_cred() beha… Nico Williams
- Re: [kitten] Clarification of gss_add_cred() beha… Benjamin Kaduk
- Re: [kitten] Clarification of gss_add_cred() beha… Viktor Dukhovni
- Re: [kitten] Clarification of gss_add_cred() beha… Nico Williams
- Re: [kitten] Clarification of gss_add_cred() beha… Nico Williams
- Re: [kitten] Clarification of gss_add_cred() beha… Benjamin Kaduk
- Re: [kitten] Clarification of gss_add_cred() beha… Viktor Dukhovni
- Re: [kitten] Clarification of gss_add_cred() beha… Nico Williams
- Re: [kitten] Clarification of gss_add_cred() beha… Nico Williams
- Re: [kitten] Clarification of gss_add_cred() beha… Benjamin Kaduk
- Re: [kitten] Clarification of gss_add_cred() beha… Viktor Dukhovni
- Re: [kitten] Clarification of gss_add_cred() beha… Nico Williams
- Re: [kitten] Clarification of gss_add_cred() beha… Benjamin Kaduk