Jeffrey Hutzelman wrote:
David Leonard wrote:Here are my comments about draft-ietf-secsh-gsskeyex-09.txt having worked with it to implement it in PuTTY a few weeks back.
[...]
* s3.7 "This packet should be sent ...": The word "should" be capitalized to clarify its meaning?Possibly. This text dates back to the original GSSAPI userauth draft, so perhaps Joseph Galbraith can shed some light on whether he intended this to have the force of requirements language.
Hmmm... I think I agree it should be SHOULD. I.e., no one should be slipping in extra packets between SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE and SSH_MSG_USERAUTH_SUCCESS unless they have a darn good reason. I'm actually tempted to say it should be MUST-- but that might be a bit too strong when one considers SSH_MSG_IGNORE and SSH_MSG_DEBUG. Thanks, Joseph