[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG Last Call: draft-ietf-sasl-gs2-02.txt

To: Simon Josefsson <jas@xxxxxxxxxxx>
Subject: Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Wed, 6 Sep 2006 07:58:54 -0500
Cc: ietf-sasl@xxxxxxx
In-reply-to: <87irk1fk6w.fsf@xxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Mail-followup-to: Simon Josefsson <jas@xxxxxxxxxxx>, ietf-sasl@xxxxxxx
References: <87r6yvzzp5.fsf@xxxxxxxxxxxxxxxxxxx> <20060901160504.GN29007@xxxxxxxxxxxxxxxxxxxxx> <44F86667.1000602@xxxxxxxxx> <87k64kx6zt.fsf@xxxxxxxxxxxxxxxxxxx> <44FC4836.3090803@xxxxxxxxx> <20060905051552.GB27685@xxxxxxxxxxxxxxxxxxxxx> <44FD43B3.4050906@xxxxxxxxx> <87lkoy8wru.fsf@xxxxxxxxxxxxxxxxxxx> <20060905132114.GB27961@xxxxxxxxxxxxxxxxxxxxx> <87irk1fk6w.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Mutt/1.5.7i

On Wed, Sep 06, 2006 at 10:55:35AM +0200, Simon Josefsson wrote:
> For interoperability, I believe this problem should be noted, because
> it may make it impossible to use a negotiated security layer.
> 
> Can we use the following and move on?
> 
>       <t>The "client_maxbuf" field indicate the maximum protected
> 	buffer size the client can receive.  It MUST be 0 if the
> 	client doesn't advertise support for any security layer, the
> 	server MUST verify this.  Small values can make it impossible
> 	for the server to send any protected message to the client,
> 	due to the overhead added by GSS_Wrap, and the server MAY
> 	reject the authentication if it detects this situation.</t>

s/, the server MUST verify this//

I see no value in the server verifying that client_maxbuf == 0 when the
client doesn't ask for any security layers.

Also, even with no security layers the application may benefit from the
SASL mechanism maxbuf negotiation (again, think of small devices).

So I think the entire second sentence should be removed.

>       <t>The "server_maxbuf" field indicate the maximum protected data
> 	buffer size the server can receive.  It MUST be 0 if the
> 	server doesn't advertise support for any security layer, the
> 	client MUST verify this.  Small values can make it impossible
> 	for the client to send any protected message to the server,
> 	due to the overhead added by GSS_Wrap, and the client MAY
> 	reject the authentication if it detects this situation.</t>

Same here.

Otherwise I'm happy.

Nico
--

Follow-Ups:
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Alexey Melnikov
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Simon Josefsson

References:
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Simon Josefsson
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Nicolas Williams
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Alexey Melnikov
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Simon Josefsson
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Alexey Melnikov
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Nicolas Williams
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Alexey Melnikov
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Simon Josefsson
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Nicolas Williams
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Simon Josefsson

Prev by Date: Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
Next by Date: Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
Previous by thread: Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
Next by thread: Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
Index(es):
- Date
- Thread