Proposal to export gssapi context

Sam Hartman hartmans at MIT.EDU
Wed Mar 24 15:41:34 EST 2004

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:

    Nicolas> On Wed, Mar 24, 2004 at 03:27:45PM -0500, Sam Hartman wrote:
    >> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:
    Nicolas> On Wed, Mar 24, 2004 at 02:49:38PM -0500, Sam Hartman wrote:
    Sam> I don't think having a macro for the current version in a public
    Sam> header is a good idea.  People might use it and failing to think of a
    Sam> way of using it that would be correct.
    Sam> The version number should be in the structure name.
    Nicolas> IIRC I convinced Sam on the phone that it is entirely possible to have
    Nicolas> an interoperable standard for exported context tokens for the Kerberos V
    Nicolas> mechanism.
    >> But you didn't convince me we were doing that nor that we should be
    >> doing that for this application.
    >> The NFS implementation would rather deal with a C struct than
    >> something they have to parse.  That's clearly outside the scope of the
    >> IETF.

    Nicolas> For an Internet-Draft I'd insist on ASN.1.  

Agreed, ASN.1 for the ID.

    Nicolas> For this purpose I think XDR
    Nicolas> is quite appropriate (newsflash: the NFS implementation already uses XDR
    Nicolas> in the kernel :)  so using XDR here does not add any significant burden
    Nicolas> on the kernel).

But does one non-standard approach have a significant cost over
another?  I.E. what do we gain by adding a parsing step here if we
aren't going to standardize it?

More information about the krbdev mailing list