RFC 4121 - Context Deletion Tokens

Srinivas Cheruku srinivas.cheruku at gmail.com
Thu May 6 06:25:09 EDT 2010



>From RFC 4121:

4.3.  Context Deletion Tokens


   Context deletion tokens are empty in this mechanism.  Both peers to a

   security context invoke GSS_Delete_sec_context() [RFC2743]

   independently, passing a null output_context_token buffer to indicate

   that no context_token is required.  Implementations of

   GSS_Delete_sec_context() should delete relevant locally-stored

   context information.


whereas according to RFC 1964, a context deletion token similar to that of
MIC token but with the corresponding TOK_ID for context deletion token. This
context deletion token can be sent to the peer and the peer can delete its
context indicating closing of session.


But how would this work when using new token format as defined in RFC 4121.
How can a peer ask another peer to end the context/session?


>From MIT code, I found that the code is using the TOK_ID as below and using
the same token format as MIC Token for newer encryption types also which is
not specified in RFC 4121 - Why?

#define KG2_TOK_DEL_CTX         0x0405


I am confused? Can anyone help me understand the context deletion tokens
better when using newer encryption types?



More information about the krbdev mailing list