[kitten] Fwd: Kitten Digest, Vol 104, Issue 14

Sam Hartman hartmans-ietf at mit.edu
Wed Aug 28 14:47:53 UTC 2013


>>>>> "Mayank" == Mayank Upadhyay <mayank+ietf-kitten at google.com> writes:

    Mayank>    Hi Weijun, You point out a legitimate problem, but I want
    Mayank> to understand a couple of assumptions: 1. Why allow only
    Mayank> initSecContext() and acceptSecContext() to have this new
    Mayank> behavior? Imagine a mechanism built on top of TLS which is
    Mayank> renegotiating the session intermixed with actual payload,
    Mayank> and had some error it wanted to communicate to the peer
    Mayank> (e.g., a TLS Alert). Is there any particular reason you'd
    Mayank> like to avoid that scenario?  2. I didn't quite follow the

Hi.
RFC 2743 doesn't allow the abstract wrap or getmic apis to generate an
error token.
I'd object to adding that behavior to the java bindings without adding
it to the abstract API.
So, for the current abstract API, only initSecContext and
acceptSecContext can have this issue.



More information about the security-dev mailing list