On Mon, 19 Mar 2007, Martin Rex wrote:
> An application that obtains a context token along with a fatal routine
> error from one of the context establishment calls (gss_accept_sec_context
> or gss_init_sec_context) is *NOT* required to send this to the peer.
> It may do so, but it may also shut down the communication channel.
> I expect that a lot of applications will not actually send such a token
> (ours doesn't).
Well, that depends on the specification of the application - some
application protocols are as you describe, and some dictate one choice or
the other. But the key point here is that CONTINUE_NEEDED means that a
token is expected from the peer, and should not be returned otherwise.
> Returning CONTINUE_NEEDED status when the mechanism spec does *NOT*
> define a clear method how to continue the context establishment
> handshake to successful completion is broken on my scorecard.
Agree.
_______________________________________________
Kitten mailing list
Kitten lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten
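The caller-side handling discussed in this thread, as an added example that is not part of the original messages: a context-establishment loop that waits for the peer only on CONTINUE_NEEDED, treats a token returned with a fatal status as optional to send, and bounds the rounds so a mechanism that keeps returning CONTINUE_NEEDED cannot stall the caller. Assumptions: the status values follow the RFC 2744 C bindings and are redefined locally so the file builds without a GSS-API library; `step_fn`, `drive()`, `enum outcome` and the `mech_*` stubs are hypothetical names, and the stubs are constructed stand-ins for `gss_init_sec_context`/`gss_accept_sec_context`.

```c
/* Added example, not from the thread. Status values follow the RFC 2744 C
 * bindings, redefined here so the file builds without a GSS-API library.
 * step_fn, drive() and the mech_* stubs are hypothetical names. */
#include <stddef.h>
#include <stdint.h>

#define GSS_S_COMPLETE        0u
#define GSS_S_CONTINUE_NEEDED (1u << 0)            /* supplementary info bit */
#define GSS_S_DEFECTIVE_TOKEN (9u << 16)           /* routine error */
#define GSS_ERROR(x)          ((x) & 0xffff0000u)  /* calling | routine error */

enum outcome { ESTABLISHED, FAILED_TOKEN_SENT, FAILED_CLOSED, STALLED };

/* Stand-in for one gss_init/accept_sec_context call; *out_len = token length. */
typedef uint32_t (*step_fn)(int round, size_t *out_len);

enum outcome drive(step_fn step, int forward_error_token, int max_rounds, int *sent)
{
    *sent = 0;
    for (int round = 0; round < max_rounds; round++) {
        size_t out_len = 0;
        uint32_t major = step(round, &out_len);
        if (GSS_ERROR(major)) {
            /* Fatal: the token is optional; the application protocol decides. */
            if (out_len > 0 && forward_error_token) { ++*sent; return FAILED_TOKEN_SENT; }
            return FAILED_CLOSED;
        }
        if (out_len > 0) ++*sent;                  /* regular context token */
        if (!(major & GSS_S_CONTINUE_NEEDED)) return ESTABLISHED;
        /* CONTINUE_NEEDED: real code blocks here (with a timeout) for the peer. */
    }
    return STALLED;  /* mechanism kept asking for tokens: give up and close */
}

/* Constructed mechanisms: normal two-step, fatal with error token, never done. */
uint32_t mech_ok(int r, size_t *n)     { *n = r ? 0 : 32; return r ? GSS_S_COMPLETE : GSS_S_CONTINUE_NEEDED; }
uint32_t mech_fatal(int r, size_t *n)  { *n = r ? 16 : 32; return r ? GSS_S_DEFECTIVE_TOKEN : GSS_S_CONTINUE_NEEDED; }
uint32_t mech_broken(int r, size_t *n) { (void)r; *n = 16; return GSS_S_CONTINUE_NEEDED; }

int main(void)
{
    int sent;
    return drive(mech_ok, 0, 8, &sent) == ESTABLISHED ? 0 : 1;
}
```

The round limit stands in for the receive timeout a real caller would apply while waiting for the peer's token.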