IETF-SSH archive
Re: SSHv2 GSS spec issue wrt gss error tokens
Ugh, there are no major and minor status fields in any messages other than
the ones I think should be deprecated, so please ignore that part of the
below.
So, to rework this:
- The SSH_MSG_KEXGSS_ERROR message should be deprecated
- SSH_MSG_KEXGSS_CONTINUE should continue to be used as specified in
the draft
- SSH_MSG_KEXGSS_CONTINUE should also be used to send any GSS "error"
tokens
- SSH_MSG_KEXGSS_COMPLETE should continue to be used as specified in
the draft
- similarly for the SSH_MSG_USERAUTH_GSSAPI_* messages (why are they
not named in a manner consistent with the SSH_MSG_KEXGSS_* messages?)
These changes should preserve backwards compatibility, though it is
conceivable that brittle clients speaking to servers implementing the
protocol in this way may well panic or crash.
Cheers,
Nico
On Mon, Nov 11, 2002 at 08:47:42AM -0800, Nicolas Williams [RU-CENTRAL] wrote:
> If the existing messages are not replaced and backwards compatibility is
> preserved, then the minor status code field should be deprecated and the
> major status code field should be constrained to carry only these three
> status codes: GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE and GSS_S_FAILURE
> (for backwards compatibility, but otherwise the major status code field
> should be ignored by clients); and the SSH_MSG_KEXGSS_ERROR message
> should be deprecated. Similarly for GSS userauth.
>
> Cheers,
>
> Nico
> --
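An added example (not part of the original mail or of any SSH implementation) of a client handler that tolerates the proposal above: every SSH_MSG_KEXGSS_CONTINUE token, GSS "error" tokens included, is handed to the GSS mechanism, and the mechanism's status decides the outcome. The message numbers are those later assigned in RFC 4462; `gss_step`, `fake_gss` and `pkt` are hypothetical names, and the sample packets are constructed.

```python
import struct

# Message numbers as assigned in RFC 4462 (the mail itself gives none).
SSH_MSG_KEXGSS_CONTINUE = 31
SSH_MSG_KEXGSS_ERROR = 34

class KexFailure(Exception):
    """Key exchange must be aborted."""

def read_string(buf, off):
    """Read an SSH 'string' (uint32 length, then bytes) with bounds checks."""
    if off + 4 > len(buf):
        raise KexFailure("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise KexFailure("token longer than packet")
    return buf[off + 4:off + 4 + n]

def handle_kexgss(payload, gss_step):
    """Client-side handling of one server KEXGSS packet.

    gss_step(token) is a hypothetical wrapper around gss_init_sec_context()
    returning (status, output_token); status is "continue", "complete" or
    "failure". The packet type alone never decides success or failure.
    """
    if not payload:
        raise KexFailure("empty packet")
    if payload[0] == SSH_MSG_KEXGSS_CONTINUE:
        status, out = gss_step(read_string(payload, 1))
        if status == "failure":
            # An "error" token arrived in CONTINUE: the mechanism reports it.
            raise KexFailure("GSS mechanism rejected the server token")
        return ("send", out) if out else ("wait", None)
    if payload[0] == SSH_MSG_KEXGSS_ERROR:
        # Deprecated under the proposal and unauthenticated: informational only.
        return ("ignore", None)
    return ("unhandled", payload[0])  # e.g. COMPLETE, left to existing code

# Constructed sample input and a stand-in mechanism (not real GSS tokens).
def pkt(msg, token):
    return bytes([msg]) + struct.pack(">I", len(token)) + token

def fake_gss(token):
    if token.startswith(b"ERR"):
        return ("failure", b"")
    return ("continue", b"client-reply")
```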