[TLS] Re: Review of draft-santesson-tls-gssapi-03

Simon Josefsson <simon@josefsson.org> Tue, 18 September 2007 08:24 UTC

From: Simon Josefsson <simon@josefsson.org>
To: Larry Zhu <lzhu@windows.microsoft.com>
References: <87bqc9k3xy.fsf@mocca.josefsson.org> <B78121AEC3DFC949BF5080E7BCDD79F49BB7915A39@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com> <87abrse6y9.fsf@mocca.josefsson.org> <B78121AEC3DFC949BF5080E7BCDD79F49D5D76A055@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Date: Tue, 18 Sep 2007 10:22:53 +0200
In-Reply-To: <B78121AEC3DFC949BF5080E7BCDD79F49D5D76A055@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com> (Larry Zhu's message of "Fri, 14 Sep 2007 14:23:12 -0700")
Message-ID: <87bqc0jsbm.fsf@mocca.josefsson.org>
Cc: "tls@lists.ietf.org" <tls@lists.ietf.org>
Subject: [TLS] Re: Review of draft-santesson-tls-gssapi-03

Larry Zhu <lzhu@windows.microsoft.com> writes:

> Simon Josefsson wrote:
>> do you think this is better? Thanks.
>
>> Ah, I see.  You fail to specify the size of the length field though.  I would prefer to make the token explicit though, by adding e.g.:
>>
>>        struct {
>>            opaque gss_api_data<0..2^32-1>;
>>        } GSSAPIExtensionData;
> The size of the length field is defined in section 2.3 of RFC3546. It is 2 octets.

Ok, now I get it, thanks.

>> If you want to have this field, you need to specify how implementations
>> should behave if multiple TokenTransfer tokens are received during the
>> handshake and when only some of them contain supported token_type's.
>> Otherwise this structure can never be used in any future extension in a
>> reliable way.
>
> A new value would indicate a new handshake message. I would make this
> clear, hopefully that addresses your comments w.r.t. this point.

A new handshake message type or just a new handshake message?  If the
latter, I still think you need to discuss how implementations should
react if they receive unsupported token_type's.  I look forward to new
text.

> Assuming that, all your comments have been addressed to your
> satisfaction, right?

Yes I think so, although I may have opinions on how the issues are
ultimately solved in later drafts.

/Simon

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
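The length-field point settled in this exchange is easy to get wrong in code, so here is an added example (not code from the draft, the thread participants, or any implementation) of the two framings side by side: the outer TLS Extension with its 2-octet extension_data length from RFC 3546 section 2.3, and Simon's proposed inner GSSAPIExtensionData vector with a 4-octet length. The extension type number is a constructed placeholder (the real draft would need an IANA-assigned value), and the example covers only the length framing, not the token_type handling that the thread leaves to future text. It shows the consistency check a parser should make between the two lengths, and that the 2-octet outer field bounds the payload regardless of how wide the inner length is.

```python
import struct

EXT_LEN_MAX = 0xFFFF          # RFC 3546 sec 2.3: opaque extension_data<0..2^16-1>
VEC_LEN_MAX = 0xFFFFFFFF      # proposed: opaque gss_api_data<0..2^32-1>
# A 32-bit inner length cannot lift this: 2 octets of outer length minus 4 of inner.
MAX_TOKEN_IN_ONE_EXTENSION = EXT_LEN_MAX - 4   # 65531

# Constructed placeholder, NOT a registered ExtensionType value.
EXT_TYPE_GSSAPI_PLACEHOLDER = 0xFFFE


def encode_gssapi_extension_data(token: bytes) -> bytes:
    """GSSAPIExtensionData { opaque gss_api_data<0..2^32-1>; }: a 4-octet
    big-endian length followed by the token (TLS variable-length vector)."""
    if len(token) > VEC_LEN_MAX:
        raise ValueError("token too long for a 32-bit vector length")
    return struct.pack("!I", len(token)) + token


def encode_extension(ext_type: int, ext_data: bytes) -> bytes:
    """Extension { ExtensionType extension_type; opaque extension_data<0..2^16-1>; }.
    The 2-octet length is where the real size limit comes from."""
    if len(ext_data) > EXT_LEN_MAX:
        raise ValueError("extension_data exceeds the 2-octet length field")
    return struct.pack("!HH", ext_type, len(ext_data)) + ext_data


def parse_extension(buf: bytes, offset: int = 0):
    """Parse one Extension at offset; return (ext_type, ext_data, next_offset).
    Every length is checked against the bytes actually present before slicing."""
    if len(buf) - offset < 4:
        raise ValueError("truncated extension header")
    ext_type, ext_len = struct.unpack_from("!HH", buf, offset)
    offset += 4
    if len(buf) - offset < ext_len:
        raise ValueError("extension_data length exceeds the buffer")
    return ext_type, buf[offset:offset + ext_len], offset + ext_len


def parse_gssapi_extension_data(ext_data: bytes) -> bytes:
    """Parse the inner 4-octet vector and require it to agree exactly with the
    outer extension_data length: a mismatch means a malformed (or hostile) peer."""
    if len(ext_data) < 4:
        raise ValueError("truncated gss_api_data length")
    (vec_len,) = struct.unpack_from("!I", ext_data, 0)
    if vec_len != len(ext_data) - 4:
        raise ValueError("inner gss_api_data length disagrees with extension_data length")
    return ext_data[4:]


def roundtrip(token: bytes) -> bytes:
    """Encode a token through both framings and parse it back."""
    ext = encode_extension(EXT_TYPE_GSSAPI_PLACEHOLDER,
                           encode_gssapi_extension_data(token))
    ext_type, ext_data, end = parse_extension(ext)
    if ext_type != EXT_TYPE_GSSAPI_PLACEHOLDER or end != len(ext):
        raise ValueError("unexpected extension framing")
    return parse_gssapi_extension_data(ext_data)


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError, i.e. the parser refused the input."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    tok = b"\x60\x06\x06\x04constructed-token"   # constructed sample, not a real GSS token
    assert roundtrip(tok) == tok
    # Inner length says 100 bytes, outer framing only carries 5: must be refused.
    print(rejects(parse_gssapi_extension_data, struct.pack("!I", 100) + b"x" * 5))
    # A token of 2^16 bytes fits the 32-bit inner vector but not the 2-octet outer field.
    print(rejects(encode_extension, EXT_TYPE_GSSAPI_PLACEHOLDER,
                  encode_gssapi_extension_data(b"y" * 65536)))
```

The practical consequence shown by MAX_TOKEN_IN_ONE_EXTENSION is the one Larry's reply implies: the 2-octet extension_data length already bounds the payload, so the inner vector's width is a question of explicitness, not capacity, and a parser must treat disagreement between the two lengths as an error rather than trusting either one.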