NETWORK WORKING GROUP                                         J. Luciani
INTERNET-DRAFT                                              Novell, Inc.
Expires: June 24, 2005                                 December 22, 2004

                      GSS-API V2: Java & C# Bindings
           draft-ietf-kitten-gssapi-rfc2853-update-for-csharp-00

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of section 3 of RFC 3667.  By submitting this Internet-Draft, each
   author represents that any applicable patent or other IPR claims of
   which he or she is aware have been or will be disclosed, and any of
   which he or she becomes aware will be disclosed, in accordance with
   RFC 3668.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 26, 2005.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   The Generic Security Services Application Program Interface (GSS-API)
   offers application programmers uniform access to security services
   atop a variety of underlying cryptographic mechanisms.  This document
   proposes an update to Generic Security Service API Version 2: Java
   Bindings [RFC2853], to include C# bindings.

   The proposed updates are documented as additions to be merged into
   section 4 of RFC 2853.

Table of Contents

   1.  Introduction
   2.  Additions to Section 4 of RFC 2853
   2.1 New Section 4.17 - Title: C# Modifications
   2.2 New Section 4.17.1 - Title: C# Assembly Name
   2.3 New Section 4.17.2 - Title: C# Class Definitions
   2.4 New Section 4.17.3 - Title: C# Data Types
   2.5 New Section 4.17.4 - Title: C# Exception Handling
   2.6 New Section 4.17.5 - Title: C# Example Code
   3.  IANA Considerations
   4.  Acknowledgments
   5.  Normative References
   6.  Authors' Addresses
   7.  Intellectual Property Statement
   8.  Disclaimer of Validity
   9.  Copyright Statement

1. Introduction

   This document specifies modifications to RFC 2853, Generic Security
   Service API Version 2: Java Bindings, that will allow it to also
   document C# bindings for GSS-API V2.

   The C# language has recently gained much popularity with the advent
   of the .NET and Mono frameworks.  The C# GSS-API bindings aim to
   allow C# application developers to use the security services of the
   API from within those frameworks.

   The design goal of the C# GSS-API was to adhere to the definition of
   the Java GSS-API as much as possible, both to build on the work that
   has been done on it and to ease the transition of Java application
   developers to the C# environment.  The following section describes
   additions that, when merged with the contents of RFC 2853, should
   result in a document that covers both the Java and C# bindings of
   GSS-API [RFC2743].
2. Additions to Section 4 of RFC 2853

2.1 New Section 4.17 - Title: C# Modifications

   This section describes the language dependent modifications necessary
   to implement the interface in C#.

2.2 New Section 4.17.1 - Title: C# Assembly Name

   The C# namespace is org.ietf.gss.  See section 4.17.5 for an example.

2.3 New Section 4.17.2 - Title: C# Class Definitions

   All class definitions and methods remain the same as specified in the
   Java bindings.

2.4 New Section 4.17.3 - Title: C# Data Types

   All data types remain the same.

2.5 New Section 4.17.4 - Title: C# Exception Handling

   All exception codes remain the same as specified in the Java
   bindings.  However, C# does not have a 'throws' clause.  Therefore,
   method prototypes do not include the exception type.  For example,

   Java method prototype:

      public abstract GSSName createName(String nameStr, Oid nameType)
          throws GSSException;

   Equivalent C# method prototype:

      public abstract GSSName createName(String nameStr, Oid nameType);

   C# does implement the throw and catch keywords, for example:

      public GSSName createName(String nameStr, Oid nameType)
      {
          int majorCode = 0;
          ...

          majorCode = validateParms(nameStr, nameType);

          // C# does not convert an int to bool, so the test is explicit
          if (majorCode != 0)
              throw new GSSException(majorCode);

          ...
      }

2.6 New Section 4.17.5 - Title: C# Example Code

   Client example:

      using System;
      using System.IO;
      using System.Net.Sockets;
      using org.ietf.gss;

      class GssapiClient
      {
          private static TcpClient client;
          private static NetworkStream stream;
          private static BinaryReader reader;

          // The server's port is not given by this document; 4444 is a
          // placeholder
          private const int ServerPort = 4444;

          static void Main(string[] args)
          {
              Connect("127.0.0.1", ServerPort);

              try
              {
                  GSSManager manager = GSSManager.getInstance();

                  Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
                  Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");

                  // Optionally identify who the client wishes to be
                  // GSSName name = manager.createName("test@gsserver",
                  //                                  GSSName.NT_USER_NAME);

                  // Obtain default credential
                  GSSCredential userCreds =
                      manager.createCredential(GSSCredential.INITIATE_ONLY);
                  GSSName name = userCreds.getName(krb5PrincipalNameType);

                  Console.WriteLine(
                      "Just acquired credentials for " + name.toString());

                  int acceptLife =
                      userCreds.getRemainingAcceptLifetime(krb5Mechanism);
                  int initLife =
                      userCreds.getRemainingInitLifetime(krb5Mechanism);
                  int remLife = userCreds.getRemainingLifetime();
                  int usage = userCreds.getUsage();

                  GSSName namea = userCreds.getName();
                  Oid[] oa = userCreds.getMechs();

                  // Name of the server (acceptor) the context is established
                  // with; this document gives none, so this is a placeholder
                  GSSName serverName =
                      manager.createName("host@server.example",
                                         GSSName.NT_HOSTBASED_SERVICE);

                  // Instantiate and initialize a security context that will be
                  // established with the server
                  GSSContext context = manager.createContext(serverName,
                                                             krb5Mechanism,
                                                             userCreds,
                                                             GSSContext.DEFAULT_LIFETIME);

                  // Optionally set context options; must be done
                  // before the initSecContext call
                  context.requestMutualAuth(true);
                  context.requestConf(true);
                  context.requestInteg(true);
                  context.requestSequenceDet(true);
                  context.requestCredDeleg(true);

                  MemoryStream ins = new MemoryStream();
                  MemoryStream outs = new MemoryStream();

                  // loop until context is set up and no more tokens to receive
                  while (!context.isEstablished())
                  {
                      outs = new MemoryStream();
                      context.initSecContext(ins, outs);

                      // send token if present
                      if (outs.Length > 0)
                      {
                          Console.WriteLine("Sending token...");
                          sendToken(outs);
                      }

                      // check if we should expect more tokens
                      if (context.isEstablished())
                          break;

                      // another token expected from peer
                      Console.WriteLine(
                          "Still expecting another token from server...");
                      ins = recvToken();
                  }

                  // the credential is no longer needed once the context is
                  // established
                  userCreds.dispose();

                  //
                  // display context information
                  //
                  // Did the server authenticate back to client?
                  Console.WriteLine("\n{0} Mutual Authentication",
                      context.getMutualAuthState() ? "Using" : "Not using");
                  Console.WriteLine("Credentials were delegated = "
                      + context.getCredDelegState());
                  Console.WriteLine("Remaining lifetime in seconds = "
                      + context.getLifetime());
                  Console.WriteLine("Context mechanism = " + context.getMech());
                  Console.WriteLine("Initiator = "
                      + context.getSrcName().toString());
                  Console.WriteLine("Acceptor = "
                      + context.getTargName().toString());
                  Console.WriteLine("Confidentiality (i.e., privacy) is {0}available",
                      context.getConfState() ? "" : "not ");
                  Console.WriteLine("Integrity is {0}available",
                      context.getIntegState() ? "" : "not ");
                  Console.WriteLine("Is initiator = " + context.isInitiator());
                  Console.WriteLine("Is transferable = "
                      + context.isTransferable());
                  Console.WriteLine("Is protReady = "
                      + context.isProtReady());
                  Console.WriteLine("ReplayDetState = "
                      + context.getReplayDetState());
                  Console.WriteLine("SequenceDetState = "
                      + context.getSequenceDetState());

                  // perform wrap on an application supplied message
                  // using QOP = 0, and requesting privacy service
                  MessageProp msgProp = new MessageProp(0, true);
                  byte[] message =
                      System.Text.Encoding.ASCII.GetBytes("Hello GSS-API!");

                  // Byte array method is equivalent to stream method
                  // byte[] token = context.wrap(message, 0, message.Length,
                  //                             msgProp);
                  // sendToken(new MemoryStream(token));

                  // Send a MIC over the message, then the message itself, so
                  // the server can verify one against the other
                  ins = new MemoryStream(message);
                  outs = new MemoryStream();
                  context.getMIC(ins, outs, msgProp);
                  sendToken(outs);
                  sendToken(new MemoryStream(message));

                  // Send the same message wrapped (privacy and integrity)
                  ins = new MemoryStream(message);
                  outs = new MemoryStream();
                  context.wrap(ins, outs, msgProp);
                  sendToken(outs);

                  // Optionally export context to another thread
                  GSSContext ctx = manager.createContext(context.export());
                  Console.WriteLine("New context isTransferable = "
                      + ctx.isTransferable());
                  Console.WriteLine("New context isInitiator = "
                      + ctx.isInitiator());
                  Console.WriteLine("New context protReady = "
                      + ctx.isProtReady());
                  Console.WriteLine("New context srcName = "
                      + ctx.getSrcName().toString());
                  Console.WriteLine("New context targName = "
                      + ctx.getTargName().toString());

                  // release the local end of the context
                  ctx.dispose();

                  Console.WriteLine("Leaving...");
              }
              catch (GSSException e)
              {
                  Console.WriteLine(e.getMessage());
                  Console.WriteLine(e.StackTrace);
              }
              finally
              {
                  stream.Close();
                  client.Close();
              }
          }

          // The helpers below are not part of this document's example; they
          // supply the transport it assumes.  Tokens are framed as a 4-byte
          // big-endian length followed by the token bytes (this document
          // defines no framing, so this is an assumption).
          private static void Connect(string host, int port)
          {
              client = new TcpClient(host, port);
              stream = client.GetStream();
              reader = new BinaryReader(stream);
          }

          private static void sendToken(MemoryStream outs)
          {
              byte[] tok = outs.ToArray();
              int n = tok.Length;
              stream.Write(new byte[] { (byte)(n >> 24), (byte)(n >> 16),
                                        (byte)(n >> 8), (byte)n }, 0, 4);
              stream.Write(tok, 0, n);
          }

          private static MemoryStream recvToken()
          {
              byte[] h = reader.ReadBytes(4);
              if (h.Length != 4)
                  throw new IOException("connection closed");
              int n = (h[0] << 24) | (h[1] << 16) | (h[2] << 8) | h[3];
              // reject absurd lengths before allocating a buffer for them
              if (n <= 0 || n > (1 << 20))
                  throw new IOException("bad token length");
              byte[] tok = reader.ReadBytes(n);
              if (tok.Length != n)
                  throw new IOException("connection closed");
              return new MemoryStream(tok);
          }
      }

3. IANA Considerations

   This document has no actions for IANA.

4. Acknowledgments

   The author would like to thank the following:

   Corby Morris, who wrote the original version of this document and is
   the creator of the C# GSS-API bindings.

   Jeff Altman for his support and suggestions.

   Kabat, J. and Upadhyay, M. for writing the Generic Security Service
   API Version 2 : Java Bindings specification [RFC2853] that
   constitutes the basis of this work.

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

5. Normative References

   [RFC2743] Linn, J., "Generic Security Service Application Program
             Interface Version 2, Update 1", RFC 2743, January 2000.

   [RFC2853] Kabat, J. and Upadhyay, M., "Generic Security Service API
             Version 2 : Java Bindings", RFC 2853, June 2000.

6. Authors' Addresses

   Juan Carlos Luciani
   Novell, Inc.
   1800 South Novell Place
   Provo, Utah 84606
   US

   EMail: jluciani@novell.com

7. Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.
   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

8. Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

9. Copyright Statement

   Copyright (C) The Internet Society (2004).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.
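An acceptor-side counterpart to the client example in section 4.17.5, added here as an illustration of the accept loop and of the checks a server makes on the MIC and wrapped tokens that client sends; it is not part of this document or of the C# GSS-API bindings. It assumes the org.ietf.gss namespace and the RFC 2853 class definitions that section 4.17.2 says carry over unchanged, a caller that passes an already-connected Stream (for example from TcpListener.AcceptTcpClient()), and a 4-byte big-endian length prefix as token framing, which this document does not define.

```csharp
using System;
using System.IO;
using org.ietf.gss;
class GssapiAcceptor
{
    static void Serve(Stream s)
    {
        BinaryReader r = new BinaryReader(s);
        GSSManager manager = GSSManager.getInstance();
        GSSContext context = manager.createContext(
            manager.createCredential(GSSCredential.ACCEPT_ONLY));
        try
        {
            // Accept loop: the mirror image of the client's initSecContext loop
            while (!context.isEstablished())
            {
                MemoryStream outs = new MemoryStream();
                context.acceptSecContext(RecvToken(r), outs);
                if (outs.Length > 0) SendToken(s, outs);
            }
            // Client sends a MIC token, then the message it covers; verifyMIC
            // throws GSSException (BAD_MIC) if they do not match
            MessageProp prop = new MessageProp(0, false);
            MemoryStream micTok = RecvToken(r);
            context.verifyMIC(micTok, RecvToken(r), prop);
            // Then the same message wrapped; refuse it unless privacy was applied
            MemoryStream plain = new MemoryStream();
            context.unwrap(RecvToken(r), plain, prop);
            if (!prop.getPrivacy()) throw new GSSException(GSSException.BAD_QOP);
            Console.WriteLine(System.Text.Encoding.ASCII.GetString(plain.ToArray()));
        }
        catch (GSSException e)   // no 'throws' clause in C#; codes are the Java ones
        {
            Console.WriteLine(e.getMajor() + ": " + e.getMajorString());
        }
        finally { context.dispose(); }
    }
    // Token framing (assumed): 4-byte big-endian length, then the token bytes
    static void SendToken(Stream s, MemoryStream outs)
    {
        byte[] tok = outs.ToArray();
        int n = tok.Length;
        s.Write(new byte[] { (byte)(n >> 24), (byte)(n >> 16), (byte)(n >> 8), (byte)n }, 0, 4);
        s.Write(tok, 0, n);
    }
    static MemoryStream RecvToken(BinaryReader r)
    {
        byte[] h = r.ReadBytes(4);
        if (h.Length != 4) throw new IOException("connection closed");
        int n = (h[0] << 24) | (h[1] << 16) | (h[2] << 8) | h[3];
        if (n <= 0 || n > (1 << 20)) throw new IOException("bad token length");
        byte[] tok = r.ReadBytes(n);
        if (tok.Length != n) throw new IOException("connection closed");
        return new MemoryStream(tok);
    }
}
```

The privacy check after unwrap matters because the acceptor cannot otherwise tell whether the peer's requestConf(true) was honoured by the mechanism; MessageProp reports what protection the token actually carried.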