[23] in GSSAPI Development
Re: Towards a compromise on addresses in channel bindings
daemon@ATHENA.MIT.EDU (John Wray, Secure Systems Developm)
Tue Apr 30 17:42:08 1991
Date: Tue, 30 Apr 91 14:09:28 PDT
From: "John Wray, Secure Systems Development, DTN 226-6106 30-Apr-1991 1658" <wray@ultra.enet.dec.com>
To: gssapi-dev@Pa.dec.com
Ted writes:
>One other thing, while I'm on the subject. It would be nice if the C
>binding spec indicated what things are mandatory for the mechanism
>implementor and which things are optional. For example, time_req and
>time_rec in gss_init_security_context(). Neither Kerberos (or SPX, so
>I'm told) has any concept of the length of time that a security context
>is valid. What is a valid thing for the implementor to do? Ignore
>them?
I guess we need a convention to mean "indefinite". How about returning -1 in
this case?
Really, though, no context should be considered valid after the credentials
with which it is established have expired. This should put an upper limit on
the context lifetime. The system/security manager may also be able to
configure the mechanism to impose a lower lifetime on contexts. Finally, the
time_req input parameter allows the application to request a shorter period.
This only really makes sense if the authentication mechanism enforces the
lifetime (by refusing to perform sign/seal operations on an expired context).
If a given mechanism doesn't support this, then I guess it should return
"indefinite" for the time_rec parameter.
John
