gskeykex - Delete_sec_context() on re-key

To: ietf-ssh%netbsd.org@localhost
Subject: gskeykex - Delete_sec_context() on re-key
From: David Leonard <David.Leonard%quest.com@localhost>
Date: Thu, 1 Sep 2005 11:43:52 +1000 (EST)

I was reading through the secsh-gsskeyex draft again and it struck
me that when re-keying there is no message provision for passing back the 
possible token generated by a call to GSS_Delete_sec_context().

The result is that the protocol will leak unreachable context 
over a long session.

Has anyone hit this? I'm seeing something here where I think I'm 
exhausting the number of simultaneous contexts the GSS implementation
can handle.

d
--
David Leonard
Vintela Resource Central software engineer
Quest Software; Brisbane, Australia; www.quest.com
Phone: (US) +1 801 655 2755 
       (AU) +61 7 3023 5133

Follow-Ups:
- Re: gskeykex - Delete_sec_context() on re-key
  - From: Jeffrey Hutzelman

Prev by Date: Re: Russ's comments on draft-ietf-secsh-gsskeyex-10.txt
Next by Date: Re: New draft possibilities
Previous by Thread: Russ's comments on draft-ietf-secsh-gsskeyex-10.txt
Next by Thread: Re: gskeykex - Delete_sec_context() on re-key
Indexes:

Home | Main Index | Thread Index | Old Index