On stream-based GSSContext methods in RFC 5653
Wang Weijun
weijun.wang at oracle.com
Mon Mar 16 03:46:46 UTC 2015
Hi All,
I discussed the stream-based methods with my colleagues, and we think they are not well-designed:
1. A library should not define a wire protocol and assume the peer is using the same. http://tools.ietf.org/html/draft-ietf-kitten-gss-loop-05 requires the application to define it.
2. It's impossible to implement these methods correctly when the mechanism token has no self-framing or the library has no knowledge of the token format (for example, as a bridge talking to another GSS library).
Therefore, I propose to deprecate these methods in an I-D. By deprecation, I'd like to remove the methods from the main content and describe the reason in a "Changes since RFC 5653" section. The specification for the methods will be moved to an appendix or the "Changes since RFC 5653" section will contain links to sections inside RFC 5653.
In Oracle JDK and OpenJDK, we would like to mark these methods as @deprecated. The existing implementations will still be supported.
Thanks
Max
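The application-defined framing that the gss-loop draft asks for, as an added example (not code from the post or from the JDK), using the byte-array GSSContext methods instead of the stream-based ones: the application decides where each token ends, so the library never has to parse a mechanism token it may not understand. The class name FramedGssLoop, the constant MAX_TOKEN and the 4-byte length prefix are my assumptions, as is an already-created GSSContext with the streams of a connected socket.

```java
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;

// Hypothetical helper (not JDK code): the application, not the GSS library, defines the framing.
final class FramedGssLoop {
    // Constructed upper bound on one token; reject oversized frames before allocating for them.
    static final int MAX_TOKEN = 64 * 1024;

    // Frame = 4-byte big-endian length, then the opaque mechanism token.
    static void writeToken(DataOutputStream out, byte[] token) throws IOException {
        out.writeInt(token.length);
        out.write(token);
        out.flush();
    }

    // The length prefix, not knowledge of the token's internal format, decides where it ends.
    static byte[] readToken(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > MAX_TOKEN) throw new IOException("rejected frame length " + len);
        byte[] token = new byte[len];
        in.readFully(token);
        return token;
    }

    // Initiator: emit a token, send it if present, read the reply unless already established.
    static void initiate(GSSContext ctx, DataInputStream in, DataOutputStream out)
            throws GSSException, IOException {
        byte[] inToken = new byte[0]; // ignored by the first initSecContext call
        while (!ctx.isEstablished()) {
            byte[] outToken = ctx.initSecContext(inToken, 0, inToken.length);
            if (outToken != null) writeToken(out, outToken);
            if (!ctx.isEstablished()) inToken = readToken(in);
        }
    }

    // Acceptor: read a framed token, process it, send any reply, repeat until established.
    static void accept(GSSContext ctx, DataInputStream in, DataOutputStream out)
            throws GSSException, IOException {
        while (!ctx.isEstablished()) {
            byte[] inToken = readToken(in);
            byte[] outToken = ctx.acceptSecContext(inToken, 0, inToken.length);
            if (outToken != null) writeToken(out, outToken);
        }
    }
}
```

Both peers must agree on this framing out of band, which is exactly the point the post makes: it belongs to the application protocol, not to the GSS library.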