Re: WG Last Call: draft-ietf-sasl-gs2-14

[Alexey Melnikov <alexey.melnikov@xxxxxxxxx>]

Simon Josefsson wrote:

> Alexey Melnikov <alexey.melnikov@xxxxxxxxx> writes:
>  
>
> > Simon Josefsson wrote:
> >    
> >
> > > Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
> > >      
> > >
> > > > Jeff Hutzelman points out that RFC2744 specifically requires that all
> > > > gss_buffer_t outputs be released.  That wouldn't bother me at all here
> > > > (we'd have to say that draft-ietf-sasl-gs2 updates RFC2744), but,
> > > > RFC5587 (draft-ietf-kitten-extended-mech-inquiry, in AUTH48) had a
> > > > chance to do that and didn't, so I'd say that these output buffers
> > > > should be released by the app.
> > > >        
> > > Good catch, I have removed the paragraph.  How memory should be managed
> > > by applications (i.e., they have to be released) then follows directly
> > >
> > > from the normative RFC 2744 and GS2 shouldn't say anything about it.
> > >      
> > >
> > > Alexey, I hope this resolves your question.
> > >      
> > Can we say that informatively in the document, considering that this
> > mistake was done before?
> >    
> Yep, the variable descriptions now follows the style used by RFC 2743 to
> document this, e.g.:
>
>   o sasl_mech_name UTF-8 STRING -- SASL name for this
>     mechanism; caller must release with
>     GSS_Release_buffer()
>
> Is this clear enough?
>  
Yes.