[25] in GSSAPI Development
Re: Towards a compromise on addresses in channel bindings
daemon@ATHENA.MIT.EDU (kannan@sejour.lkg.dec.com)
Tue Apr 30 18:40:10 1991
To: tytso@ATHENA.MIT.EDU
Cc: gssapi-dev@ATHENA.MIT.EDU
In-Reply-To: Your message of Tue, 30 Apr 91 16:56:32 -0400.
Date: Tue, 30 Apr 91 17:52:10 EDT
From: kannan@sejour.lkg.dec.com
>So allow me to modify my proposal to as follows:
>
>typedef struct channel_bindings_struct {
> OM_uint32 sender_addrtype;
> gss_buffer_desc sender_address;
> OM_uint32 receiver_addrtype;
> gss_buffer_desc receiver_address;
>#ifdef OPTIONAL
> gss_buffer_t appl_specific;
>#endif
>} channel_bindings;
Just curious ... why is the appl_specific in an #ifdef statement?
>If the appl_specific buffer really wanted, than I propose that we
>specify that 1) it is mandatory that the mechanism implement it, and 2)
>gss_init_sec_context implements it by signing the information in the
>buffer and including it in the token, and that gss_accept_sec_context
>performs a blind compare on the information. Since the information is
>"application specific", it would be nonportable to do anything else.
In addition ...
Regarding the appl_specific buffer, we should specify that 1) it should
not contain any sensitive keying information, and 2) it should be in
network byte order.
Also, doesn't the application need to pass the sender_address and
receiver_address in network byte order?
-kannan
