gnu-crypto-discuss

Re: [GNU Crypto] exception on multiple SaslConnection.send() calls


From: Bryan Hoover
Subject: Re: [GNU Crypto] exception on multiple SaslConnection.send() calls
Date: Thu, 09 Dec 2004 18:37:13 -0500


Jim Basney wrote:

> Bryan Hoover <address@hidden> wrote:
> > Jim Basney wrote:
> >
> > > Bryan Hoover <address@hidden> wrote:
> > > > Jim Basney wrote:
> > > > > Am I doing something wrong?
> > > >
> > > > Don't comment the reconnect call :).  If possible, the existing connection will be reused,
> > > > so "reconnect" is in a sense, a bit of a misnomer.
> > >
> > > Hmmm.  SaslConnection.reconnect() calls disconnect() then connect(),
> > > which creates a new Socket().  Watching the network with ngrep, I see a
> > > new TCP socket connection after the SaslConnection.reconnect() call.
> >
> > Well, statelessness protocols, and all that you know.
> >
> > But the security session -- that's the time consuming thing you want to reuse if possible, and
> > that's what the lib does, unless, for instance, it's been too long, and session timed out.  Then
> > you have to renegotiate the security layer -- basically start all over like a first time
> > connection.
>
> You're saying that I can only call SaslClient.wrap() once, after which I
> have to go through the SaslClient.evaluateChallenge() loop again?

I don't know.

My experience with the routines, and the protocol really, is limited. I helped in making passwords
immutable, and have used the routines for stateless authentication -- connect, and subsequent
connection with a new socket, with the subsequent connection(s) resulting in security session reuse.

BTW, if you go back through evaluateChallenge, the call should not result in renegotiation, but
rather, reuse of the preexisting security context.

Assuming you haven't already done it, you might want to google on 'sasl srp protocol', and read up
on the ins, and outs of that.

Bryan

> -Jim
