IETF-SSH archive
Re: SSHv2 GSS spec issue wrt gss error tokens
On Mon, Nov 18, 2002 at 05:15:33PM -0500, Jeffrey Hutzelman wrote:
> On Mon, 18 Nov 2002, Nicolas Williams wrote:
>
> > Why is this optional? (To provide for error obfuscation?) It should be
> > recommended, not merely optional.
>
> Yes, that's the idea. We can argue about which messages should be
> recommended vs optional. I'm inclined to make sending the error token via
> a continue message recommended but not required, and make the error
> message optional.
Ok. I vote for recommended (SHOULD). A note should be made about not
sending error tokens for error obfuscation.
> > BTW, GSS-API ought to provide a feature for error token obfuscation.
> > Better to let the mechanism determine what error information to send
> > than to let the GSS application get away with not sending error tokens.
>
> Not necessarily. The application may be in a much better position to
> detect an ongoing attack than is the GSSAPI mechanism. In any event, the
> GSSAPI currently does not have such a feature, and this is not the forum
> in which to discuss fixing GSSAPI.
Indeed. I mentioned that apropos the subject in question. Arguably the
fact that GSS-API does not provide for error obfuscation does not
license applications to violate the spirit and letter of the GSS specs.
That said, this is a minor, tolerable violation, provided it is
intentional (thus my vote for recommending that error tokens be sent).
> > That brings up another question: do the various SSHv2 drafts
> > consistently provide for error code obfuscation where errors are sent on
> > the wire? Should GSS-keyex be consistent with the other SSHv2 drafts on
> > this?
>
> I think if you read over the drafts, you'll find that in most cases, no
> mechanism is provided for passing specific error information back.
Yeah, ok.
Thanks,
Nico