[TLS] Re: Review of draft-santesson-tls-gssapi-03


Larry Zhu <lzhu at windows.microsoft.com> writes:

> Simon Josefsson wrote:
>> do you think this is better? Thanks.
>
>> Ah, I see.  You fail to specify the size of the length field though.  I would prefer to make the token explicit though, by adding e.g.:
>>
>>        struct {
>>            opaque gss_api_data<0..2^32-1>;
>>        } GSSAPIExtensionData;
>
> The size of the length field is defined in section 2.3 of RFC3546. It is 2 in octets.

Ok, now I get it, thanks.

>> If you want to have this field, you need to specify how implementations
>> should behave if multiple TokenTransfer tokens are received during the
>> handshake and when only some of them contain supported token_type's.
>> Otherwise this structure can never be used in any future extension in a
>> reliable way.
>
> A new value would indicate a new handshake message. I would make this
> clear, hopefully that addresses your comments w.r.t. this point.

A new handshake message type or just a new handshake message?  If the
latter, I still think you need to discuss how implementations should
react if they receive unsupported token_type's.  I look forward to new
text.

> Assuming that, all your comments have been addressed to your
> satisfaction, right?

Yes I think so, although I may have opinions on how the issues are
ultimately solved in later drafts.

/Simon

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls



