Re: gssapi-with-mic

To: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Subject: Re: gssapi-with-mic
From: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Date: Fri, 5 Sep 2003 15:42:46 -0700

On Fri, Sep 05, 2003 at 01:18:08PM -0400, Jeffrey Hutzelman wrote:
> 
> 
> On Friday, September 05, 2003 09:51:10 -0700 Joseph Salowey
> <jsalowey%cisco.com@localhost> wrote:
> 
> >Hi Jeffrey,
> >
> >I think this looks reasonable. Just one nit, I assume integ_avail would
> >have to be checked when GSS_S_COMPLETE is returned since some mechanisms
> >may not have integrity services available until then.
> 
> Yes, that's the idea.  The text will be clear on this, as it is for key
> exchange.

There's always PROT_READY w/ partially established contexts - that can
save a 1/2 round-trip.  I'm not sure that I'd actually recommend this
though.  We have to work out some things about this in the KRB WG wrt
the new Kerberos V GSS-API mechanism.

Nico
--

References:
- RE: gssapi-with-mic
  - From: Joseph Salowey
- RE: gssapi-with-mic
  - From: Jeffrey Hutzelman

Prev by Date: RE: Case sensitivity on sftp servers
Next by Date: Re: Sftp: performance enhancing changes
Previous by Thread: RE: gssapi-with-mic
Next by Thread: Re: gssapi-with-mic
Indexes:

Home | Main Index | Thread Index | Old Index