[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG Last Call: draft-ietf-sasl-gs2-02.txt

To: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>
Subject: Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
From: Simon Josefsson <jas@xxxxxxxxxxx>
Date: Wed, 06 Sep 2006 15:39:39 +0200
Cc: ietf-sasl@xxxxxxx
In-reply-to: <44FEBBD6.8090000@xxxxxxxxx> (Alexey Melnikov's message of "Wed\, 06 Sep 2006 13\:15\:18 +0100")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <7.0.1.0.0.20060831104340.03a589a0@xxxxxxxxxxxx> <87r6yvzzp5.fsf@xxxxxxxxxxxxxxxxxxx> <20060901160504.GN29007@xxxxxxxxxxxxxxxxxxxxx> <44F86667.1000602@xxxxxxxxx> <87k64kx6zt.fsf@xxxxxxxxxxxxxxxxxxx> <44FC4836.3090803@xxxxxxxxx> <20060905051552.GB27685@xxxxxxxxxxxxxxxxxxxxx> <44FD43B3.4050906@xxxxxxxxx> <87lkoy8wru.fsf@xxxxxxxxxxxxxxxxxxx> <20060905132114.GB27961@xxxxxxxxxxxxxxxxxxxxx> <87irk1fk6w.fsf@xxxxxxxxxxxxxxxxxxx> <44FEBBD6.8090000@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)

Alexey Melnikov <alexey.melnikov@xxxxxxxxx> writes:

> Simon Josefsson wrote:
>
>>Looking at specifications, RFC 2831 does not impose any limits on
>>maxbuf at all.  GSSAPI restricts maxbuf to be 0..0xFFFFFF because the
>>integer field is 3 bytes.  RFC 2831bis changes RFC 2831 and enforces
>>16 <= maxbuf <= 16777215.  I don't know where this minimum comes from?
>>  
>>
> Each SASL packet will have the 16byte long MAC.


>>      <t>The "client_maxbuf" field indicate the maximum protected
>>	buffer size the client can receive.  It MUST be 0 if the
>>	client doesn't advertise support for any security layer, the
>>	server MUST verify this.  Small values can make it impossible
>>	for the server to send any protected message to the client,
>>	due to the overhead added by GSS_Wrap, and the server MAY
>>	reject the authentication if it detects this situation.</t>
>>
>>      <t>The "server_maxbuf" field indicate the maximum protected data
>>	buffer size the server can receive.  It MUST be 0 if the
>>	server doesn't advertise support for any security layer, the
>>	client MUST verify this.  Small values can make it impossible
>>	for the client to send any protected message to the server,
>>	due to the overhead added by GSS_Wrap, and the client MAY
>>	reject the authentication if it detects this situation.</t>
>>  
>>
> That is fine by me. I would even change the last MAY to SHOULD.

Seems reasonable.  What do others think?

/Simon

References:
- WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Kurt D. Zeilenga
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Simon Josefsson
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Nicolas Williams
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Alexey Melnikov
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Simon Josefsson
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Alexey Melnikov
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Nicolas Williams
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Alexey Melnikov
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Simon Josefsson
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Nicolas Williams
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Simon Josefsson
- Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
  - From: Alexey Melnikov

Prev by Date: Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
Next by Date: Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
Previous by thread: Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
Next by thread: Re: WG Last Call: draft-ietf-sasl-gs2-02.txt
Index(es):
- Date
- Thread