[AFS3-std] Re: rxgk CombineTokens and enctypes
Andrew Deason <adeason@sinenomine.net>
Tue, 27 Nov 2012 10:16:08 -0600

On Mon, 26 Nov 2012 15:18:39 -0500 (EST)
Benjamin Kaduk <kaduk@MIT.EDU> wrote:
> I have new commits up at https://github.com/kaduk/openafs/commits/prot
> (HEAD is 67b21de).
> d879f84 Remove channel-binding
+1
> a80abb9 New CombineTokens prototype
Typo:
+          <t hangText="GXGK_CT_PRINTED">One or more of the supplied tokens
Should be RXGK_CT_PRINTED. Also, the new registry should be mentioned in
an 'AFS-3 Registry Considerations' section, and the details of this and
the values should probably be moved there.
Otherwise, +1.
> 6e8edde Allow key version number to wrap at 16 bits
I'm not sure I see the point of making this optional, but okay. Nits at
the language, though:
+        If rekeying would cause this value to wrap, then the key version number
+        can be stored locally
"MAY be stored locally", I think?
+        key version number would wrap, that endpoint must terminate the
+        connection.
"MUST terminate the connection"
> 6f75718 Tokens SHOULD NOT expire late
+1
> 67b21de Add Security Consideration for token expiry
Isn't this missing a trailing "</section>" for the added 'Token Expiry'
section? Otherwise, +1.
-- 
Andrew Deason
adeason@sinenomine.net