additional ACE flag required in SFTP draft?, speling and grammer fikses

[denis bider <ietf-ssh%denisbider.com@localhost>]

Hello Joseph, everyone -

I got around to continuing our SFTP v6 implementation, and I am now trying to synchronize my existing implementation (according to draft 10) with the latest version of the draft (12).

Among other things, draft 12 defines:


  ace-flag

    A combination of the following flag values.  See NFS Version 4
    Protocol [RFC3010] section 5.9.2:

    ACE4_FILE_INHERIT_ACE           0x00000001
    ACE4_DIRECTORY_INHERIT_ACE      0x00000002
    ACE4_NO_PROPAGATE_INHERIT_ACE   0x00000004
    ACE4_INHERIT_ONLY_ACE           0x00000008
    ACE4_SUCCESSFUL_ACCESS_ACE_FLAG 0x00000010
    ACE4_FAILED_ACCESS_ACE_FLAG     0x00000020
    ACE4_IDENTIFIER_GROUP           0x00000040


Unfortunately, when sending an ACL, the lack of an INHERITED value among these flags provides the server with no way to inform the client which of the included ACEs are inherited and which are defined explicitly for the object for which the ACL is being sent.

I propose that an additional ACE flag is required which will allow the server to convey to the client the information that a certain ACE is inherited (or isn't).


I would also like to report the following spelling/grammar errors - which probably is not an exhaustive list, but regardless. :)

 - "The ACE data structure is composes as follows:"
                              ^^^^^^^^

 - "If the both the INCLUDE and the PRESENT bit are set"
       ^^^

 - "but their are no ALLOW/DENY entries in the list"
        ^^^^^

 - "into a ACL"
         ^^^^^

 - "the clients intent"
        ^^^^^^^

 - "capabilities that the user may have in to allow"
                                        ^^?^^

 - "restore the file from backup medium"
                     ^^^^?^^^^^^^^^^^^^

 - "their may be other uses for this data"
    ^^^^^

Best regards,

denis