On Thursday, September 01, 2005 11:43:52 AM +1000 David Leonard <David.Leonard%quest.com@localhost> wrote:
I was reading through the secsh-gsskeyex draft again and it struck me that when re-keying there is no message provision for passing back the possible token generated by a call to GSS_Delete_sec_context().
That's correct. When you're done with a context, which in this protocol means pretty much as soon as key exchange has completed successfully, you can just call GSS_Delete_sec_context() without an output token buffer, regardless of whether you are the client or server. The only purpose of an output token from this call is to signal _via a context token_ that the context should be destroyed. In this protocol, you don't need to do that, because you always know out-of-band when the context can be deleted.
The result is that the protocol will leak unreachable context over a long session.
Only if you fail to call GSS_Delete_sec_context() with a context when you are done using it. Note that you do _not_ need to keep the context around for the life of the session -- it's only used during key exchange.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA