[17441] in Kerberos_V5_Development
Re: Future ASN.1 support
daemon@ATHENA.MIT.EDU (Ezra Peisach)
Sat Dec 10 12:02:19 2011
Message-ID: <4EE3905B.3000103@mit.edu>
Date: Sat, 10 Dec 2011 12:01:15 -0500
From: Ezra Peisach <epeisach@mit.edu>
MIME-Version: 1.0
To: krbdev@mit.edu
In-Reply-To: <CAK3OfOjgOsk=-Lz0qUJ8UBPM-TH3QMOHVwDR+VnSi7xo87nT8g@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Besides ABI types, etc. which I will leave for others to discuss, there
is the backwards compatibility issues.
I believe Heimdel has some issues with signed/unsigned integer encoding
(at least it did 4 years ago did) when the high bit was set... I think
something with nonce (where we mask with 0x7fffffff) and sequence
numbers where we do/don't follow the spec. (see lib/krb5/krb/privsafe.c
for some history).
Also look at asn1_decode_maybe_unsigned... MIT used to use signed
sequence numbers - don't know how far back - the comment in the code
does not tell...
Move forward with whatever implementation you would like - but be
careful about these compatibility issues and how hard it will be to
override the implementation in a few key places...
Ezra
The MIT code has a number of compilation options On 12/9/2011 5:22 PM,
Nico Williams wrote:
> On Fri, Dec 9, 2011 at 2:49 PM, Sam Hartman<hartmans@mit.edu> wrote:
>> I'm not sure this is a good idea but we could take take the hit of an
>> ABI bump and change some of our types.
> It's a very good idea in one sense: it will let you make opaque,
> extensible types out of a lot of currently-part-of-the-ABI types.
>
> It's a bad idea in another sense: it will break source compatibility
> with a lot of apps, and will cause a lot of grumbling.
>
> But then, the crappy ABI can be dealt with in two
> backwards-compatibility preserving ways: 1) add new APIs and types as
> needed, 2) push app developers to use the GSS-API. (2) is
> particularly good.
>
> _______________________________________________
> krbdev mailing list krbdev@mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
