Re: KITTEN: IETF 75 - 76

To: Leif Johansson <leifj at mnt.se>
Subject: Re: KITTEN: IETF 75 - 76
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Mon, 17 Aug 2009 17:25:01 -0500
Cc: kitten at ietf.org, Shawn M Emery <Shawn.Emery at sun.com>
Delivered-to: kitten at core3.amsl.com
In-reply-to: <200908180013.29152.leifj at mnt.se>
List-archive: <http://www.ietf.org/mail-archive/web/kitten>
List-help: <mailto:kitten-request@ietf.org?subject=help>
List-id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-post: <mailto:kitten@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
References: <4A87A69A.3050408 at sun.com> <4A87E02D.7030503 at isode.com> <200908180013.29152.leifj at mnt.se>
User-agent: Mutt/1.5.7i

On Tue, Aug 18, 2009 at 12:13:28AM +0200, Leif Johansson wrote:
> > I think Leif has expressed interest in (3) before.
> 
> That was exporting unfinished contexts actually - slightly different.

Oh yes, that too (that's trivial, of course, though exporting non-fully
established contexts has to be allowed to fail).

> > >    4. error message reporting
> > >    5. asynchronous calls
> >
> > The last 2 are generally required for use by modern applications.
> 
> hmm, is asynchronous calls related to exportable contexts perhaps...?

No.  Think of how gss_init_sec_context() and gss_accept_sec_context()
can go off and do things like: DNS lookups, TGS exchanges, certificate
validation (including OSCP and/or CRL checking), ...  All those tasks
must complete before those functions can return, but each of those tasks
can take a long time to complete or fail to complete.

I.e., we want versions of gss_init/accept_sec_context() that will do as
much work as they can, then return without necessarily completing their
work, instead returning some completion event object so the application
can wait for completion in its event loop.

The basic problem here are is that async APIs tend to be very
OS-specific.  But I think we can still have an OS-agnostic design IF we
can rely on background threads (i.e., on a multi-threaded process
model).  Relying on bg-threads might not be feasible on systems where a
multi-threaded process model can't be relied upon (well, on such systems
the async functions can just always operate synchronously when called in
a single-threaded process).

Nico
--

Follow-Ups:
- Re: KITTEN: IETF 75 - 76
  - From: Martin Rex

References:
- KITTEN: IETF 75 - 76
  - From: Shawn M Emery
- Re: KITTEN: IETF 75 - 76
  - From: Alexey Melnikov
- Re: KITTEN: IETF 75 - 76
  - From: Leif Johansson

Prev by Date: Re: KITTEN: IETF 75 - 76
Next by Date: Re: KITTEN: IETF 75 - 76
Previous by thread: Re: KITTEN: IETF 75 - 76
Next by thread: Re: KITTEN: IETF 75 - 76
Index(es):
- Date
- Thread

Re: KITTEN: IETF 75 - 76

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.