Editor's note: These minutes have not been edited. ONC RPC (ONCRPC) Working Group Minutes, San Jose IETF, December 1996, reported by Steve Nahm (Sun Microsystems) The working group met in one session on Monday. Ted Tso (MIT) and Steve Nahm co-chaired the meeting. STATUS OF WORKING GROUP DOCUMENTS There are three RFCs currently at Proposed Standard: RFC1831: RPC: Remote Procedure Call Protocol Specification Version 2 RFC1833: Binding Protocols for ONC RPC Version 2 RFC1832: XDR: External Data Representation Standard Each of these were requested to be elevated to Draft Standard in September. After review by IESG, the core RPC specifications were held to be incomplete because they did not include a strong authentication mechanism. IESG required that such a mechanism be submitted prior to advancing the core RPC specifications. This requirement does not apply to XDR, and that document is currently pending advancement to Draft Standard. Other documents currently active: draft-ietf-oncrpc-remote-02.txt (RPC) draft-ietf-oncrpc-rpcbind-01.txt (RPC Binding) These are revisions to RFC1831 and RFC1833 based on Montreal WG input. There are no known outstanding WG issues with these documents, which was the specifications which were submitted for advancement to Draft Standard. IESG offered to recycle these specifications as Proposed Standards. The concensus of the working group was that this was not necessary, and the drafts would be resubmitted when the security specification is ready, unblocking the core RPC specifications for advancement to Draft Standard. draft-ietf-oncrpc-auth-02.txt (Authentication Mechanisms) There are no known outstanding issues with this document. It too is being withheld pending progress on the IESG requirement. This draft is intended to be submitted as an Informational RFC. draft-ietf-oncrpc-rpcsec_gss-01.txt (RPCSEC_GSS) Mike Eisler, Editor This draft is the basis for satisfying the IESG's requirement. It is discussed further below. NEW WORKING GROUP CHARTER The charter of this working was revised since the last meeting. The primary change was the addition of language to include work on developing a security mechanism which satisfies the IESG requirement. The working group believes that the RPCSEC_GSS mechanism satisfies this requirement, and the new timetable reflects this. Refer to the ONC RPC WG Charter for additional details. SUMMARY OF ISSUES WITH RPCSEC_GSS Mike Eisler presented a summary of the issues raised via the mailing list on draft-ietf-oncrpc-rpcsec_gss-01.txt (RPCSEC_GSS). His slides are included in the proceedings. The issues which Mike considers as RESOLVED are: 1) Clarify description of Context Management (section 5.3.3.1) to emphasize "that the integrity check on an incoming message is to be validated before adjusting the receive window in response to the incoming message's sequence number." 2) Rename RPCSEC_GSS_NOCRED and RPCSEC_GSS_FAILED error code names to avoid confusion with GSS API's GSS_NO_CRED and GSS_FAILURE. Mike also agreed to try to define the mapping between specific GSS-level major status codes and the corresponding RPC layer error codes. 3) Clarify section 5.2.2.1 language regarding generation of session handles. Mike omitted a "not" in the confusing sentence. He proposed that the offending sentence be deleted from section 5.2.2.1; the working group consensus agreed with this. 4) Clarify section 6.2 to explain that there is an attack possible where the attacker sends fake requests above the sequence number window, which will not be rejected by the sequence number check, but will force the server to validate the header checksum and fail. Mike agreed to clarify this section. DISCUSSION OF UNRESOLVED ISSUES WITH RPCSEC_GSS Ted Tso led the review and discussion of the unresolved issues, using Mike's slides as the starting point. 1) John Linn had observed on the mailing list that there is no facility within RPCSEC_GSS to negotiate what GSS-API mechanism to use, so mechanism selection must be a) static; b) performed out-of-band or c) negotiated within the GSS layer. An anonymous commenter wrote to Mike Eisler that without a means to negotiate quality of protection (QOP) of authentication flavor, ONC RPC will not meet his needs. Marc Horowitz stated that negotiation of mechanism should be done within the GSS layer. John Linn clarified that he didn't mean to imply through his comment that there had to be a negotiation mechanism in the proposal. Ted stated that the CAT working group believes there is a potentially useful means to negotiate mechanism being implemented within GSS and that free code is available. The concensus of the working group was to not hold back draft due to this issue. 2) Several issues were raised regarding specification of QOP and service values. The initialization phase of RPCSEC_GSS allows the client to specify a QOP and service. John Linn asked on the mailing list whether the RPC layer is expected to choose these, or whether the relevant GSS mechanism ID will be reflected up to the user/application/caller of the RPC layer to allow it to select a QOP suitable to the prevailing mechanism. Mike explained that the API is expected to provide mechanism selection input/output to the client and server. He is willing update the draft to reflect this. Further discussion questioned the benefit of specifying the QOP and service in the init request. A simplifying proposal was made by Marc to drop QOP and service specification from rpc_gss_init_arg and to integrity protect seq_window using the "default" QOP in the final (GSS_S_COMPLETE) rpc_gss_init_res response. This addresses Barry Jaspan's suggestion that the seq_window be protected to avoid denial of service attacks that would use that field. The consensus was to do this. 3) Marc stated in mail to the list that the version negotiation procedure seems complex. He proposed to delete it. Mike supported this stating that we could invent a negotiation mechanism later when/if additional versions of RPCSEC_GSS are defined. Concensus was to do delete version negotiation. 4) Marc suggested in mail to the list that gss_wrap() be used for both integrity and encryption, rather than using gss_get_mic() for integrity and gss_wrap() for encryption. Mike stated that gss_get_mic() was used for integrity to avoid an unnecessary byte copy. Marc conceded the efficiency issue and was willing to drop this issue. 5) Marc stated in mail to the list that section 5.2.1 text is misleading and should be corrected. After discussion with those present, Mike agreed to correct the wording, dropping the phrase "for those mechanisms that require context creation messages." 6) Marc asked why gss_proc is not an enum. Mike agreed that it should be an enum. 7) Marc stated in mail to the list that V2 GSS-API names should be used by this draft. Mike queried Allison Mankin about the status of the GSS-API V2 draft. She said that it's in the queue, and that since the RPCSEC_GSS draft would be behind GSS-API in the RFC queue, it would be safe to use the V2 names. 8) Allison asked whether the working group believed that the issues raised by Keith Moore are resolved. Keith believes that the specification should state that certain mechanisms must be supported in order to be compliant. Marc felt that each RPC application will need to determine what is appropriate for it. What's right for one RPC application might not be right for everything else. John Linn said that the mechanism to use largely falls out of the operation environment in which the application is running. Allison said that she thinks we should specify a minimum level of security. Marc observed that we can't prevent insecurity at user's sites. Putting such a requirement into the specification may have an effect on vendors, but user don't have to use it. Ted proposed that we put a statement in the core RPC specs that implementation of RPCSEC_GSS standard is required. Allison asked if this meant specifying the actual mechanism to use (Kerberos, or public key, or something else). John stated that he would like to see statement like: "For Internet Standard purposes, implementation of RPCSEC_GSS under one or more GSS-API standard mechanisms." Allison asked, shouldn't we give specific advice to implementors as to how to approach this area? Ted said that this is largely an infrastructure issue. How can we give advice when we don't know what infrastructure is supported? Mike said that NFS would have to define the security mechanism it can use in its own specification. John asked how this issue has this been handled before? Ted said that IMAP POP3 use of GSS-API was specified in a separate RFC that made no statements about requirements. Roland Schemers asked if CAT could be requested to develop a lightweight GSS mechanism to avoid the infrastructure issue. Allison wants a statement in the core RPC specification that RPCSEC_GSS is required to be implemented. Then, the RPCSEC_GSS specification should state that when you reference it, you must also state what mechanism you support. Brent Callaghan, who is holding an NFS BOF later in IETF, agreed to raise this issue at the NFS BOF. Ted observed that even having a base set of mechanisms, you still may not have parties sharing a mechanism. He said that IESG should consider specifying what mechanisms are to be used within the Internet. Allison agreed that this would be a good idea. ---------- X-Sun-Data-Type: default X-Sun-Data-Description: default X-Sun-Data-Name: sxn-ietf-sanjose-slides.ppt X-Sun-Encoding-Info: uuencode X-Sun-Content-Lines: 366 begin 600 sxn-ietf-sanjose-slides.ppt M[=ZM"P, !%%P 4 Q%\T_ !0 $\ *!< "@ !Y 6P $ ! M P!8 $ @ " " @ " ( M@ @( @(" ,# P #_ /\ /__ /\ _P#_ #__P#___\ ____ M____________________________________________________________ M________________\/__________________________________________ M__________________________________________#_________________ M____________________________________________________________ M____________________________________________________________ M_________________________________O__________________________ M__________________________________________________________#_ M__________\/\/ /#P__________________________________________ M_____________P _______P____________#P /________________ M______________________________________\ /______\/__________ M\/#P /#___________________________________________________ M____ #_______#_____________________________________________ M_______________________________________P_________P M / M____\ /____\/____________________________________________ M________________________#_____#_________#___________________ M_________________________________________________P_____P____ M_____P______________________________________________________ M______________\/____\ /____\/____________#_______________ M________________________________________#_____#_________#___ M#P\ / \ /________________________________________________ M_____P_____P_________P\/_P \ #P\ \/#_______________________ M______________________________\/____\/________\/__\/#___\ __ M________________________________________________________#___ M__#_________#_______________________________________________ M_____________________P_____P_________P______________________ M______________________________________________\/____\/______ M__\/_________________________________P____________#_________ M____________#_____#_________#_______ /\ \ \ / /\ \ #P M\ / /#_#P \ \ #_ \ _______________P_____P /_______P______ M_P#P\ #_#P \ /#P\/ #P \ #P#P\/#P \ \ \/ #P____________ M__\/____\/________\/______\/#_#P_P /#________P\/_____P#___#_ M_P__#_____#_________________#_____ _P#_____#_______________ M_____________________________________________________P_____P M_________P__________________________________________________ M__________________\/____\/________\/__________________#_____ M____________________________________________#_____[_________ M#___#P /#P#P#_ _P#P#P /#P#P\/ / \ #P#P#___________________ M_________P_____P_________P\/_P\ #P \ \/#_#P\/#P#P#P#_\/#P / M #P\ ____________________________\/______________\/__\ \/__ M__\/____\/____\ \/_P\ #P#_____#_____________________________ M#_____#_________#___________________________________________ M_________________________P_____P_________P__________________ M_P____#___________________________________________\/_____O__ M______\/_______P\ #_#P\/\ \ / \ #_ \ __________________ M________________#_____#_________#_______\ \ _P\ _P\/ / / M \/ #P_________________________________P_______________P__ M_____P#_\/ /__________ /__#___#_____________________________ M______\/____\/________\/____________________________________ M________________________________#_____C_________#___________ M_________________________________________________________P__ M___Z_________P_______P___________________P__________________ M______________________\/____\/________\/__\/#_ /#P /_P /\/ M#P /\ \/\ /#_ /\/ #_ / /________________#___________ M____#P__ \/#P#P#_#P_P\ \ \ /#_ / _P\ \/_P_P\/_P / #___ M_____________P_____X_________P___P#___________________\ ___P M#P#P #_\ _P /\/____________________\/____\/________\/____ M____________________________________________________________ M____#_____\"" #_____#_______________________________________ M_____________________________P_____U_________P______________ M____________\/___P____________________________________\/____ M\/________\/______\ #P /#P\ \/#_\ \ #P\ /\/ \/\ ______ M____________________#_____S_________#_______ \ / / / _P\ M \ \ \/#_ #_#P\ #P_________________________P_____X________ M_P_______P\/ /_P_P_P________\ ______________________________ M__________\/____\/________\/________________________________ M____________________________________#_______________#_______ M____________________________________________________________ M_P_____P_________P____________\/____________________________ M__________________________\/____\/________\/__\ \ / /\ M\ \/\ #_#P#_\/ #P \/\ #P\ #_______________________#_____#_ M________#P__#P #P#P\/ / \/\ #__P_P\/\ /#P \ \/______ M_________________P_______________P___P#___________#P#P#P /#_ M /_P /\ ______#_________________________\/______________\/ M____________________________________________________________ M________#_____#__P#_____#__________________________P________ M_________________________________P_____P_________P_______P / M \/#P #_ / /\ #P_P #_____________________________\/ M____\ ______\/______\/ / _P / \/ #P#P#P /\/#P /#_____ M________________________#_____#_ #_____#_______ /____\/#_#_ M_______P#________________________________________P______ /\ M_____P______________________________________________________ M______________\/____\ #_______\/____________________________ M________________________________________#_____#__P#_____#___ M______________#______P______\/________________\/___________P M_____P_____P_________P___P #_ \ \ \ /_P\ #P /#P\ _P\/ M#P #P#_#P#_ #_ /\ __\/____\/________\/#_\ \ \/ / M \/#_ / \ #P#P / /\ / #_#P #P_P#P\/#P \/\/ /#P\/__#___ M__#_________#___#_____#___#____P#___#_______#_#P____ ______ M_P_____P__\ #________P_____P_________P______________________ M______________________________________________\/____\/______ M__\/________________________________________________________ M____________#_____#_________#_______\/______________________ M____#________________________________P_____P_________P___P\ M#P#P#P\/ /\ _P#P_P #_ #P\ ______________________________ M__\/____\ #_ /____\/#_\ \ \ \ \/#P#P /\ \ \ _P \/ /____ M____________________________#_____#_________#___\/__#______P M\/__#___ /#______P#__________________________________P______ M__\ _____P__________________________________________________ M__________________\/_____O________\/________________________ M____________________________________________#_____#_________ M#___________________________________________________________ M_________P_____P _____P__________________________________ M__________________________________\/____\/________\/________ M____________________________________________________________ M#_____#_________#___________________________________________ M_________________________P_____P_________P__________________ M__________________________________________________\/____\/__ M______\/__________________________________________\ ________ M________________#_____ /______#_______________ /#_#_\ \/#P M___P#_#P__\ _P_P#_\ #P#P _______________P_____P_________P__ M____________\/\ \ \/__#P\/_P___P \/\/_P#P _P\ \/#_________ M______\/____\/\ /____\/______________#_ \/#__P /#P\/__\/ / M#___\ \ \ \ _P ________________#_____#_________#___________ M____ \/#_ /\ #P /\ _P\/#_ /__\/_______P_________________P__ M___P_________P______________________________________________ M______________________\/____\/________\/____________________ M________________________________________________#_____#_____ M____ M _____P________________________________________ M____________________________________________\/______________ M____________________________________________________________ M__________ ________________________________________________ M___________________________________P________________________ M____________________________________________________________ M\ ________________________________________________________ M__________________________#_________________________________ M___________________________________________________P /\ ____ M____________________________________________________________ M________________\/____\8 " Q1D (#=&0 0 @-T9 " M'1H &H# ( =&@ )@ @(<= @ " K1T !@ (#-'0 @.4= ! M " Y1T ( E'@ X@, @"4> F " !R( " ( M(@ & @$TB M " 92( $ (!E(@ @*4B "F P" I2( "8 (!+)@ ( M@'$F 8 " D28 ("I)@ 0 @*DF " Z28 '0# (#I)@ M)@ @%TJ @ " @RH !@ ("C*@ @+LJ ! " NRH (#[ M*@ U $ @/LJ F " SRP " (#U+ 8 @!4M 6 " =2T !@ M ("++0 @*,M "@ " HRT (!#+@ @, @$,N F " 13$ M (!K,0 0 @&LQ " JS$ $X! ("K,0 )@ @/DR @ " M'S, !@ ( _,P @% . !R " M "J]BWY5@FC^O__) /__ #_E0#__V0 0!D M $ $0 $].0R!24$,@5T<@06=E;F1A P $0 ! 0 !$ "0 M # 8 !$ < $ 1 /^5 /__9 ! &0 M 0 R " "J]IW[A@ES!O__& /__ '_E0#__V0 M !D !0 $ 00$ $%S ?^6 /__9 0 &0 % *0 '_ ME0#__V0 !D !0 !@ !_Y8 __]D ! 9 4 M @ ?^5 /__9 &0 % * '_E@#__V0 M $ !D !0 H !_Y4 __]D 9 4 $ M @ ( @ D 0 0#__P$ 1 ,# 0 ,P$#QP M!0 +(. #__P ! ( @#_____ ' P M 0!!!W#V$/F0"4WZ 00 0$! ( _?\ #0"_Q8! $$#H/8 ^L ) MD 8!! ! 0$ @ #]_P K C_%@X ": $ . !R " "J M]BWY5@DP^O__) /__ #_E0#__V0 0!D $ M#@ $].0U)00R!71R!);F9O# . $ ! #@ ) , M !@ #@ !P 0 X _Y4 __]D $ 9 ! #( M ( -KV'?J&"7,&__\8 __\ ?^6 /__9 0 &0 % M 0!U 0 0VAAF4@3TY#(%)00R!P ?^6 /__9 M 0 &0 % )@ '_E@#__V0 $ !D !0 "H M !_Y8 __]D ! 9 4 + "0 ( @# 0#_ M_P$ T "0 ( D * " 'P%#QP' # 8 $! M ( @#_____ ' P 0!!!W#V$/F0"<#Z 00 M 0$! ( _?\ ,0,_Q8! $$#&ES=&EN9R!P2!A;F0@ M<')I=F%C>0U4:6UE=&%B;&4-1F5B(#DW"5-U8FUI="!24$-314-?1U-3(&%S M(%!R;W!O 1" . !R " "J]BWY5@ES M^O__) /__ #_E0#__V0 0!D $ $0 $]. M0R!24$,@5T<@1')A9G1S P $0 ! 0 !$ "0 # 8 M !$ < $ 1 /^5 /__9 ! &0 0 R " M "J]JWZ5@ES!O__& /__ '_E@#__V0 $ !D !0 M $ /P$ &1R869T+6EE=&8M;VYC6QE'0@ M , /^5 /__9 @ &0 '@ #0 #_E0#__V0 M , !D !X L _Y4 __]D $ 9 > N M + ( @#/#P$ #__P$ !P $ M *P +0##QPE M*@ "\ B $ ( @#_____ ' P M X U ,P $ O_______P M[ LT ,@ *P$#QPQ #8 4 ( M ( @#_____ ' P X \ .@ M #/#________P "@ $ [ .0 +0$#QPX #T M $ , 8!*AP _W\ 0 !?#S\ @ 6<0W.??&YP# M#QP ( $@ 4 "0 )@ V #@ 2 ! , 0 ( -@ #4 2 !T ) O #8 ,0 M!8 $ P! @ 8"T* ( _W\ 0 #G) P 00 < 0@ @ D M% 0_"@ 0 $;8WQ8 " 7"@ ! ( 3\* _"G08 M " (_"@ '0\,L0 %@ ________60 * @ 1 M 0 ! $ 0 ! M $ 0 ! /W_ 9 !D &0 0 ! \7?ER ' %@ M________60 $ &B1:)%HD5D 1 !'85N/\OTS %*X M \ [/P& ?8H!0#8SMC.V,[]_P &0 9 !D $ 0 /%[Y9@ M!P!8 /_______UD ! !HD6B1:)%9 $0 1V%;C_+],P M !2N / .S\!@'V* 4 V,[8SMC. 8 8 0( _W\ 0 #?) ( 1@ < M1P "0##QQ4 P\<% ,/' <@ !@ ) , ) , M ) , ) , ) , #_E0#__V0 M 0!D _Y4 __]D ! $ 9 M /^5 /__9 @ ! &0 #_E0#__V0 , M 0!D _Y4 __]D $ $ 9 0 R M !^ 8 0 8 0 8 0 4 M 0 4 0 ?^5 /__9 &0 % M '_E@#__V0 $ !D !0 !_Y4 __]D " M9 4 ?^6 /__9 P &0 % '_E0#_ M_V0 0 !D !0 #( 'X P ! P M ! P ! P ! P ! M_Y4 __]D 9 > /^5 /__9 0 &0 M'@ #_E0#__V0 ( !D !X _Y4 __]D M # 9 > /^5 /__9 ! &0 '@ M /__,@ ?@ $ '@ $ $ '@ $ $ '@ $ M $ '@ $ $ '@ $ !4!E0 &0 !D !0 M_O\ 5 94 !D ! 9 4 /[_ %0&5 9 M @ &0 % #^_P !4!E0 &0 , !D !0 _O\ M 5 94 !D $ 9 4 /[_ S !^ 8 0 M 8 0 8 0 8 0 8 M 0 /^5 /__9 &0 #_E0#__V0 M $ !D _Y4 __]D " 9 M /^5 /__9 P &0 #_E0#__V0 0 !D M ! $ ! 0$$ $ @ $ # , 0 M 8 4#@0 _W\ $ #O)"< "0 0 25&EM97,@3F5W M(%)O;6%N &98 '( !F6$4:YPH 0 - D @ 4 M "0 0 B07)I86P 6( !R &98 '(-\- !F6$4:YPH M $ +Y8UQ $ "0 ?\ 25&EM97,@3F5W(%)O M;6%N D @ ,\* !< 0\7:&0 0 0 P @ ( "\ M @ 25&EM97,@3F5W(%)O;6%N D @ +\* #$ _\6:&0 M 0 . H @ /3_ 0 $ "P!+ $ >PF?# $ P__>_[D)P@P! M $%P<&QE($QA$I 0!: ( JR,) P%:$ $ M$P " )T0 0 ,!BP\! !( @!"$1$ " 'L0!@ ( +1)S @#C M$7T " $$3" ( ,1,8 @ A%JT " *X;R !!<'!L92!,87-E M) 1195 SB 370 1060 35 (\225) 35 SB 482 1060 1572 (Summary of RPCSEC_GSS discussion) 1572 SB 520 1204 50 (\226) 50 SB 2 2 SJ 614 1204 1358 (Mike Eisler ) 1358 SB 370 1347 35 (\225) 35 SB 482 1347 1836 (Progress on outstanding RPCSEC_GSS items) 1836 SB 520 1491 50 (\226) 50 SB 1 2 SJ 614 1491 1057 (Ted Tso ) 1057 SB 370 1635 35 (\225) 35 SB 1 4 SJ 482 1635 1366 (Discussion of possible XDR work) 1366 SB 520 1779 50 (\226) 50 SB 4 2 SJ 614 1779 1745 (Keith Sklower ) 1745 SB 370 1922 35 (\225) 35 SB 482 1922 436 (Next Steps) 436 SB 1 #C statusdict begin /manualfeed false store end EJ RS %%PageTrailer %%PageResources: font Times-Bold %%+ font Times-Roman %%Page: 2 2 %%PageResources: (atend) SS 0 90 20 12 809 1100 300 SM 255 255 255 fC /fm 256 def gs 3001 2251 115 88 CB 3000 2250 115 88 B 1 F n gr 0 lc 0 lj 0 0 0 pC 6 25 SP gs 2654 1904 290 238 CB 2603 1853 315 263 B S n gr 32 0 0 100 100 0 0 0 89 /Times-Roman /font32 ANSIFont font 0 0 0 fC 2765 2149 50 (2) 50 SB 390 2149 306 (12/9/96) 306 SB 32 0 0 150 150 0 0 0 134 /Times-Roman /font32 ANSIFont font 1027 282 1175 (ONCRPC WG Info) 1175 SB 32 0 0 100 100 0 0 0 89 /Times-Roman /font32 ANSIFont font 395 429 35 (\225) 35 SB 3 6 SJ 507 429 2141 (Charter: Standardize ONC RPC protocols \(TSV area\)) 2141 SB 395 572 35 (\225) 35 SB 507 572 630 (WG Co-Chairs:) 630 SB 1295 572 949 (Steve Nahm & Ted Tso) 949 SB 545 716 50 (\226) 50 SB 639 716 617 (Area Directors:) 617 SB 1295 716 1423 (Allison Mankin & Allyn Romanow) 1423 SB 395 860 35 (\225) 35 SB 1 1 SJ 507 860 741 (Outstanding drafts) 741 SB 545 980 50 (\226) 50 SB 1 1 SJ 639 980 791 (Proposed Standards) 791 SB 695 1123 35 (\225) 35 SB 770 1123 810 (RFC1831 - RPC V2) 810 SB 695 1267 35 (\225) 35 SB 1 6 SJ 770 1267 1910 (RFC1832 - XDR \(Submitted as Draft Standard\)) 1910 SB 695 1411 35 (\225) 35 SB 770 1411 908 (RFC 1833 - RPC Bind) 908 SB 395 1555 35 (\225) 35 SB 507 1555 458 (Online info) 458 SB 545 1698 50 (\226) 50 SB 639 1698 1353 (oncrpc-wg@sunroof.eng.sun.com) 1353 SB 32 0 0 100 100 0 0 0 89 /Times-Bold /font29 ANSIFont font 545 1842 50 (\226) 50 SB 639 1842 1772 (oncrpc-wg-request@sunroof.eng.sun.com) 1772 SB 32 0 0 100 100 0 0 0 89 /Times-Roman /font32 ANSIFont font 545 1986 50 (\226) 50 SB 2 2 SJ 639 1986 1803 (Archives at playground.sun.com:/pub/oncrpc) 1803 SB 1 #C statusdict begin /manualfeed false store end EJ RS %%PageTrailer %%PageResources: font Times-Bold %%+ font Times-Roman %%Page: 3 3 %%PageResources: (atend) SS 0 90 20 12 809 1100 300 SM 255 255 255 fC /fm 256 def gs 3001 2251 115 88 CB 3000 2250 115 88 B 1 F n gr 0 lc 0 lj 0 0 0 pC 6 25 SP gs 2654 1904 290 238 CB 2603 1853 315 263 B S n gr 32 0 0 100 100 0 0 0 89 /Times-Roman /font32 ANSIFont font 0 0 0 fC 2765 2149 50 (3) 50 SB 390 2149 306 (12/9/96) 306 SB 32 0 0 150 150 0 0 0 134 /Times-Roman /font32 ANSIFont font 767 311 1697 (New ONCRPC WG Charter) 1697 SB 32 0 0 100 100 0 0 0 89 /Times-Roman /font32 ANSIFont font 370 579 35 (\225) 35 SB 2 5 SJ 482 579 2001 (Standardize ONC RPC protocols existing practice) 2001 SB 370 722 35 (\225) 35 SB 1 8 SJ 482 722 2242 (Create security mechanism for ONC RPC that provides ) 2242 SB 32 0 0 100 100 0 0 0 89 /Times-Italic /font31 ANSIFont font 2725 722 78 (at) 78 SB 482 842 397 (minimum ) 397 SB 32 0 0 100 100 0 0 0 89 /Times-Roman /font32 ANSIFont font 1 1 SJ 880 842 841 (strong authentication) 841 SB 520 986 50 (\226) 50 SB 614 986 2159 (Core RPC specification blocked until submitted as PS) 2159 SB 520 1130 50 (\226) 50 SB 614 1130 2056 (RPCSEC_GSS provides auth, integrity and privacy) 2056 SB 370 1273 35 (\225) 35 SB 482 1273 405 (Timetable) 405 SB 520 1417 50 (\226) 50 SB 614 1417 275 (Feb 97) 275 SB 970 1417 1808 (Submit RPCSEC_GSS as Proposed Standard) 1808 SB 520 1561 50 (\226) 50 SB 614 1561 291 (Mar 97) 291 SB 1 6 SJ 970 1561 1704 (Submit core RPC specs as Draft Standards) 1704 SB 520 1705 50 (\226) 50 SB 614 1705 291 (Mar 97) 291 SB 970 1705 1664 (WG need not meet; mailing list monitors ) 1664 SB 3 4 SJ 970 1825 1141 (balance of std track progress) 1141 SB 1 #C statusdict begin /manualfeed false store end EJ RS %%PageTrailer %%PageResources: font Times-Italic %%+ font Times-Roman %%Page: 4 4 %%PageResources: (atend) SS 0 90 20 12 809 1100 300 SM 255 255 255 fC /fm 256 def gs 3001 2251 115 88 CB 3000 2250 115 88 B 1 F n gr 0 lc 0 lj 0 0 0 pC 6 25 SP gs 2654 1904 290 238 CB 2603 1853 315 263 B S n gr 32 0 0 100 100 0 0 0 89 /Times-Roman /font32 ANSIFont font 0 0 0 fC 2765 2149 50 (4) 50 SB 390 2149 306 (12/9/96) 306 SB 32 0 0 150 150 0 0 0 134 /Times-Roman /font32 ANSIFont font 946 299 1338 (ONC RPC WG Drafts) 1338 SB 32 0 0 100 100 0 0 0 89 /Times-Roman /font32 ANSIFont font 370 504 35 (\225) 35 SB 482 504 1387 (draft-ietf-oncrpc-rpcsec_gss-01.txt) 1387 SB 520 647 50 (\226) 50 SB 614 647 769 (Mike Eisler, Editor) 769 SB 370 791 35 (\225) 35 SB 482 791 1232 (draft-ietf-oncrpc-remote-02.txt) 1232 SB 520 935 50 (\226) 50 SB 614 935 1069 (No outstanding WG issues) 1069 SB 520 1079 50 (\226) 50 SB -2 2 SJ 614 1079 1363 (Blocked; awaiting RPCSEC_GSS) 1363 SB 370 1222 35 (\225) 35 SB 482 1222 1260 (draft-ietf-oncrpc-rpcbind-01.txt) 1260 SB 520 1366 50 (\226) 50 SB 614 1366 1069 (No outstanding WG issues) 1069 SB 520 1510 50 (\226) 50 SB -2 2 SJ 614 1510 1363 (Blocked; awaiting RPCSEC_GSS) 1363 SB 370 1654 35 (\225) 35 SB 482 1654 1127 (draft-ietf-oncrpc-auth-02.txt) 1127 SB 520 1797 50 (\226) 50 SB 614 1797 1069 (No outstanding WG issues) 1069 SB 520 1941 50 (\226) 50 SB 614 1941 1476 (Plan to submit as Informational RFC) 1476 SB 1 #C statusdict begin /manualfeed false store end EJ RS %%PageTrailer %%PageResources: font Times-Roman %%Page: 5 5 %%PageResources: (atend) SS 0 90 20 12 809 1100 300 SM 255 255 255 fC /fm 256 def gs 3001 2251 115 88 CB 3000 2250 115 88 B 1 F n gr 0 lc 0 lj 0 0 0 pC 6 25 SP gs 2654 1904 290 238 CB 2603 1853 315 263 B S n gr 32 0 0 100 100 0 0 0 89 /Times-Roman /font32 ANSIFont font 0 0 0 fC 2765 2149 50 (5) 50 SB 390 2149 306 (12/9/96) 306 SB 32 0 0 150 150 0 0 0 134 /Times-Roman /font32 ANSIFont font -1 1 SJ 1288 311 655 (Next Steps) 655 SB 32 0 0 100 100 0 0 0 89 /Times-Roman /font32 ANSIFont font 370 579 35 (\225) 35 SB 4 7 SJ 482 579 2226 (Publish current core RPC specs as recycle-in-grade PS?) 2226 SB 370 722 35 (\225) 35 SB 482 722 1680 (Publish Auth draft as Informational RFC?) 1680 SB 370 866 35 (\225) 35 SB 482 866 1847 (Submission of RPCSEC_GSS draft by Feb 97) 1847 SB 1 #C statusdict begin /manualfeed false store end EJ RS %%PageTrailer %%PageResources: font Times-Roman %%Trailer SVDoc restore end %%Pages: 5 % TrueType font name key: % MSTT31c26b = 2617DTimes New RomanF00000064000001900000 % MSTT31c26c = 2617DTimes New RomanF00000000000001900000 % MSTT31c26d = 2617DTimes New RomanF00000064000002bc0000 % MSTT31c26e = 2617DSystemF0007000f000002bc0000 % MSTT31c26f = 2617DTimes New RomanF000000640000019000ff %%DocumentSuppliedResources: procset Win35Dict 3 1 %%DocumentNeededResources: font Times-Bold %%+ font Times-Italic %%+ font Times-Roman %%EOF  ---------- X-Sun-Data-Type: postscript-file X-Sun-Data-Description: postscript-file X-Sun-Data-Name: sxn-ietf-sanjose-slides-6.ps X-Sun-Charset: us-ascii X-Sun-Content-Lines: 694 %!PS-Adobe-3.0 %%Creator: Windows PSCRIPT %%Title: PowerPoint - OWGJOSE.PPT %%BoundingBox: 14 9 597 784 %%DocumentNeededResources: (atend) %%DocumentSuppliedResources: (atend) %%Pages: (atend) %%BeginResource: procset Win35Dict 3 1 /Win35Dict 290 dict def Win35Dict begin/bd{bind def}bind def/in{72 mul}bd/ed{exch def}bd/ld{load def}bd/tr/translate ld/gs/gsave ld/gr /grestore ld/M/moveto ld/L/lineto ld/rmt/rmoveto ld/rlt/rlineto ld /rct/rcurveto ld/st/stroke ld/n/newpath ld/sm/setmatrix ld/cm/currentmatrix ld/cp/closepath ld/ARC/arcn ld/TR{65536 div}bd/lj/setlinejoin ld/lc /setlinecap ld/ml/setmiterlimit ld/sl/setlinewidth ld/scignore false def/sc{scignore{pop pop pop}{0 index 2 index eq 2 index 4 index eq and{pop pop 255 div setgray}{3{255 div 3 1 roll}repeat setrgbcolor}ifelse}ifelse}bd /FC{bR bG bB sc}bd/fC{/bB ed/bG ed/bR ed}bd/HC{hR hG hB sc}bd/hC{ /hB ed/hG ed/hR ed}bd/PC{pR pG pB sc}bd/pC{/pB ed/pG ed/pR ed}bd/sM matrix def/PenW 1 def/iPen 5 def/mxF matrix def/mxE matrix def/mxUE matrix def/mxUF matrix def/fBE false def/iDevRes 72 0 matrix defaultmatrix dtransform dup mul exch dup mul add sqrt def/fPP false def/SS{fPP{ /SV save def}{gs}ifelse}bd/RS{fPP{SV restore}{gr}ifelse}bd/EJ{gsave showpage grestore}bd/#C{userdict begin/#copies ed end}bd/FEbuf 2 string def/FEglyph(G )def/FE{1 exch{dup 16 FEbuf cvrs FEglyph exch 1 exch putinterval 1 index exch FEglyph cvn put}for}bd/SM{/iRes ed/cyP ed /cxPg ed/cyM ed/cxM ed 72 100 div dup scale dup 0 ne{90 eq{cyM exch 0 eq{cxM exch tr -90 rotate -1 1 scale}{cxM cxPg add exch tr +90 rotate}ifelse}{cyP cyM sub exch 0 ne{cxM exch tr -90 rotate}{cxM cxPg add exch tr -90 rotate 1 -1 scale}ifelse}ifelse}{pop cyP cyM sub exch 0 ne{cxM cxPg add exch tr 180 rotate}{cxM exch tr 1 -1 scale}ifelse}ifelse 100 iRes div dup scale 0 0 transform .25 add round .25 sub exch .25 add round .25 sub exch itransform translate}bd/SJ{1 index 0 eq{pop pop/fBE false def}{1 index/Break ed div/dxBreak ed/fBE true def}ifelse}bd/ANSIVec[ 16#0/grave 16#1/acute 16#2/circumflex 16#3/tilde 16#4/macron 16#5/breve 16#6/dotaccent 16#7/dieresis 16#8/ring 16#9/cedilla 16#A/hungarumlaut 16#B/ogonek 16#C/caron 16#D/dotlessi 16#27/quotesingle 16#60/grave 16#7C/bar 16#82/quotesinglbase 16#83/florin 16#84/quotedblbase 16#85 /ellipsis 16#86/dagger 16#87/daggerdbl 16#88/circumflex 16#89/perthousand 16#8A/Scaron 16#8B/guilsinglleft 16#8C/OE 16#91/quoteleft 16#92/quoteright 16#93/quotedblleft 16#94/quotedblright 16#95/bullet 16#96/endash 16#97 /emdash 16#98/tilde 16#99/trademark 16#9A/scaron 16#9B/guilsinglright 16#9C/oe 16#9F/Ydieresis 16#A0/space 16#A1/exclamdown 16#A4/currency 16#A5/yen 16#A6/brokenbar 16#A7/section 16#A8/dieresis 16#A9/copyright 16#AA/ordfeminine 16#AB/guillemotleft 16#AC/logicalnot 16#AD/hyphen 16#AE/registered 16#AF/macron 16#B0/degree 16#B1/plusminus 16#B2/twosuperior 16#B3/threesuperior 16#B4/acute 16#B5/mu 16#B6/paragraph 16#B7/periodcentered 16#B8/cedilla 16#B9/onesuperior 16#BA/ordmasculine 16#BB/guillemotright 16#BC/onequarter 16#BD/onehalf 16#BE/threequarters 16#BF/questiondown 16#C0/Agrave 16#C1/Aacute 16#C2/Acircumflex 16#C3/Atilde 16#C4/Adieresis 16#C5/Aring 16#C6/AE 16#C7/Ccedilla 16#C8/Egrave 16#C9/Eacute 16#CA /Ecircumflex 16#CB/Edieresis 16#CC/Igrave 16#CD/Iacute 16#CE/Icircumflex 16#CF/Idieresis 16#D0/Eth 16#D1/Ntilde 16#D2/Ograve 16#D3/Oacute 16#D4 /Ocircumflex 16#D5/Otilde 16#D6/Odieresis 16#D7/multiply 16#D8/Oslash 16#D9/Ugrave 16#DA/Uacute 16#DB/Ucircumflex 16#DC/Udieresis 16#DD/Yacute 16#DE/Thorn 16#DF/germandbls 16#E0/agrave 16#E1/aacute 16#E2/acircumflex 16#E3/atilde 16#E4/adieresis 16#E5/aring 16#E6/ae 16#E7/ccedilla 16#E8 /egrave 16#E9/eacute 16#EA/ecircumflex 16#EB/edieresis 16#EC/igrave 16#ED/iacute 16#EE/icircumflex 16#EF/idieresis 16#F0/eth 16#F1/ntilde 16#F2/ograve 16#F3/oacute 16#F4/ocircumflex 16#F5/otilde 16#F6/odieresis 16#F7/divide 16#F8/oslash 16#F9/ugrave 16#FA/uacute 16#FB/ucircumflex 16#FC/udieresis 16#FD/yacute 16#FE/thorn 16#FF/ydieresis ] def/reencdict 12 dict def/IsChar{basefontdict/CharStrings get exch known}bd/MapCh{dup IsChar not{pop/bullet}if newfont/Encoding get 3 1 roll put}bd/MapDegree{16#b0 /degree IsChar{/degree}{/ring}ifelse MapCh}bd/MapBB{16#a6/brokenbar IsChar{/brokenbar}{/bar}ifelse MapCh}bd/ANSIFont{reencdict begin/newfontname ed/basefontname ed FontDirectory newfontname known not{/basefontdict basefontname findfont def/newfont basefontdict maxlength dict def basefontdict{exch dup/FID ne{dup/Encoding eq{exch dup length array copy newfont 3 1 roll put}{exch newfont 3 1 roll put}ifelse}{pop pop}ifelse}forall newfont /FontName newfontname put 127 1 159{newfont/Encoding get exch/bullet put}for ANSIVec aload pop ANSIVec length 2 idiv{MapCh}repeat MapDegree MapBB newfontname newfont definefont pop}if newfontname end}bd/SB{FC /ULlen ed/str ed str length fBE not{dup 1 gt{1 sub}if}if/cbStr ed /dxGdi ed/y0 ed/x0 ed str stringwidth dup 0 ne{/y1 ed/x1 ed y1 y1 mul x1 x1 mul add sqrt dxGdi exch div 1 sub dup x1 mul cbStr div exch y1 mul cbStr div}{exch abs neg dxGdi add cbStr div exch}ifelse/dyExtra ed/dxExtra ed x0 y0 M fBE{dxBreak 0 BCh dxExtra dyExtra str awidthshow}{dxExtra dyExtra str ashow}ifelse fUL{x0 y0 M dxUL dyUL rmt ULlen fBE{Break add}if 0 mxUE transform gs rlt cyUL sl [] 0 setdash st gr}if fSO{x0 y0 M dxSO dySO rmt ULlen fBE{Break add}if 0 mxUE transform gs rlt cyUL sl [] 0 setdash st gr}if n/fBE false def}bd/font{/name ed/Ascent ed 0 ne/fT3 ed 0 ne/fSO ed 0 ne/fUL ed/Sy ed/Sx ed 10.0 div/ori ed -10.0 div/esc ed/BCh ed name findfont/xAscent 0 def/yAscent Ascent def/ULesc esc def ULesc mxUE rotate pop fT3{/esc 0 def xAscent yAscent mxUE transform /yAscent ed/xAscent ed}if [Sx 0 0 Sy neg xAscent yAscent] esc mxE rotate mxF concatmatrix makefont setfont [Sx 0 0 Sy neg 0 Ascent] mxUE mxUF concatmatrix pop fUL{currentfont dup/FontInfo get/UnderlinePosition known not{pop/Courier findfont}if/FontInfo get/UnderlinePosition get 1000 div 0 exch mxUF transform/dyUL ed/dxUL ed}if fSO{0 .3 mxUF transform /dySO ed/dxSO ed}if fUL fSO or{currentfont dup/FontInfo get/UnderlineThickness known not{pop/Courier findfont}if/FontInfo get/UnderlineThickness get 1000 div Sy mul/cyUL ed}if}bd/min{2 copy gt{exch}if pop}bd/max{2 copy lt{exch}if pop}bd/CP{/ft ed{{ft 0 eq{clip}{eoclip}ifelse}stopped{currentflat 1 add setflat}{exit}ifelse}loop}bd/patfont 10 dict def patfont begin /FontType 3 def/FontMatrix [1 0 0 -1 0 0] def/FontBBox [0 0 16 16] def/Encoding StandardEncoding def/BuildChar{pop pop 16 0 0 0 16 16 setcachedevice 16 16 false [1 0 0 1 .25 .25]{pat}imagemask}bd end/p{ /pat 32 string def{}forall 0 1 7{dup 2 mul pat exch 3 index put dup 2 mul 1 add pat exch 3 index put dup 2 mul 16 add pat exch 3 index put 2 mul 17 add pat exch 2 index put pop}for}bd/pfill{/PatFont patfont definefont setfont/ch(AAAA)def X0 64 X1{Y1 -16 Y0{1 index exch M ch show}for pop}for}bd/vert{X0 w X1{dup Y0 M Y1 L st}for}bd/horz{Y0 w Y1{dup X0 exch M X1 exch L st}for}bd/fdiag{X0 w X1{Y0 M X1 X0 sub dup rlt st}for Y0 w Y1{X0 exch M Y1 Y0 sub dup rlt st}for}bd/bdiag{X0 w X1{Y1 M X1 X0 sub dup neg rlt st}for Y0 w Y1{X0 exch M Y1 Y0 sub dup neg rlt st}for}bd/AU{1 add cvi 15 or}bd/AD{1 sub cvi -16 and}bd/SHR{pathbbox AU/Y1 ed AU/X1 ed AD/Y0 ed AD/X0 ed}bd/hfill{/w iRes 37.5 div round def 0.1 sl [] 0 setdash n dup 0 eq{horz}if dup 1 eq{vert}if dup 2 eq{fdiag}if dup 3 eq{bdiag}if dup 4 eq{horz vert}if 5 eq{fdiag bdiag}if}bd/F{/ft ed fm 256 and 0 ne{gs FC ft 0 eq{fill}{eofill}ifelse gr}if fm 1536 and 0 ne{SHR gs HC ft CP fm 1024 and 0 ne{/Tmp save def pfill Tmp restore}{fm 15 and hfill}ifelse gr}if}bd/S{PenW sl PC st}bd/m matrix def/GW{iRes 12 div PenW add cvi}bd/DoW{iRes 50 div PenW add cvi}bd/DW{iRes 8 div PenW add cvi}bd/SP{/PenW ed/iPen ed iPen 0 eq iPen 6 eq or{[] 0 setdash}if iPen 1 eq{[DW GW] 0 setdash}if iPen 2 eq{[DoW GW] 0 setdash}if iPen 3 eq{[DW GW DoW GW] 0 setdash}if iPen 4 eq{[DW GW DoW GW DoW GW] 0 setdash}if}bd/E{m cm pop tr scale 1 0 moveto 0 0 1 0 360 arc cp m sm}bd /AG{/sy ed/sx ed sx div 4 1 roll sy div 4 1 roll sx div 4 1 roll sy div 4 1 roll atan/a2 ed atan/a1 ed sx sy scale a1 a2 ARC}def/A{m cm pop tr AG m sm}def/P{m cm pop tr 0 0 M AG cp m sm}def/RRect{n 4 copy M 3 1 roll exch L 4 2 roll L L cp}bd/RRCC{/r ed/y1 ed/x1 ed/y0 ed/x0 ed x0 x1 add 2 div y0 M x1 y0 x1 y1 r arcto 4{pop}repeat x1 y1 x0 y1 r arcto 4{pop}repeat x0 y1 x0 y0 r arcto 4{pop}repeat x0 y0 x1 y0 r arcto 4{pop}repeat cp}bd/RR{2 copy 0 eq exch 0 eq or{pop pop RRect}{2 copy eq{pop RRCC}{m cm pop/y2 ed/x2 ed/ys y2 x2 div 1 max def/xs x2 y2 div 1 max def/y1 exch ys div def/x1 exch xs div def/y0 exch ys div def/x0 exch xs div def/r2 x2 y2 min def xs ys scale x0 x1 add 2 div y0 M x1 y0 x1 y1 r2 arcto 4{pop}repeat x1 y1 x0 y1 r2 arcto 4{pop}repeat x0 y1 x0 y0 r2 arcto 4{pop}repeat x0 y0 x1 y0 r2 arcto 4{pop}repeat m sm cp}ifelse}ifelse}bd/PP{{rlt}repeat}bd/OB{gs 0 ne{7 3 roll/y ed /x ed x y translate ULesc rotate x neg y neg translate x y 7 -3 roll}if sc B fill gr}bd/B{M/dy ed/dx ed dx 0 rlt 0 dy rlt dx neg 0 rlt cp}bd /CB{B clip n}bd/ErrHandler{errordict dup maxlength exch length gt dup{errordict begin}if/errhelpdict 12 dict def errhelpdict begin/stackunderflow(operand stack underflow)def /undefined(this name is not defined in a dictionary)def/VMerror(you have used up all the printer's memory)def /typecheck(operator was expecting a different type of operand)def /ioerror(input/output error occured)def end{end}if errordict begin /handleerror{$error begin newerror{/newerror false def showpage 72 72 scale/x .25 def/y 9.6 def/Helvetica findfont .2 scalefont setfont x y moveto(Offending Command = )show/command load{dup type/stringtype ne{(max err string)cvs}if show}exec/y y .2 sub def x y moveto(Error = )show errorname{dup type dup( max err string )cvs show( : )show/stringtype ne{( max err string )cvs}if show}exec errordict begin errhelpdict errorname known{x 1 add y .2 sub moveto errhelpdict errorname get show}if end /y y .4 sub def x y moveto(Stack =)show ostack{/y y .2 sub def x 1 add y moveto dup type/stringtype ne{( max err string )cvs}if show}forall showpage}if end}def end}bd end %%EndResource /SVDoc save def %%EndProlog %%BeginSetup Win35Dict begin ErrHandler statusdict begin 0 setjobtimeout end statusdict begin statusdict /jobname (PowerPoint - OWGJOSE.PPT) put end /oldDictCnt countdictstack def {}stopped { countdictstack oldDictCnt lt { Win35Dict begin } {1 1 countdictstack oldDictCnt sub {pop end } for } ifelse } if /oldDictCnt countdictstack def {letter }stopped { countdictstack oldDictCnt lt { Win35Dict begin } {1 1 countdictstack oldDictCnt sub {pop end } for } ifelse } if [{ } /exec load currenttransfer /exec load] cvx settransfer %%EndSetup %%Page: 1 1 %%PageResources: (atend) SS 0 0 20 11 809 1100 300 SM 255 255 255 fC /fm 256 def gs 2251 3001 88 115 CB 2250 3000 88 115 B 1 F n gr /fm 256 def gs 879 660 267 415 CB 879 661 268 416 B 1 F n gr 0 lc 0 lj 0 0 0 pC 6 7 SP gs 879 660 267 415 CB 763 544 326 467 B S n gr 32 0 0 29 29 0 0 0 26 /Times-Roman /font32 ANSIFont font 0 0 0 fC gs 879 660 267 415 CB 1043 1020 15 (1) 15 SB gr gs 879 660 267 415 CB 347 1020 30 (12) 29 SB 376 1020 61 (/9/96) 61 SB gr 32 0 0 44 44 0 0 0 39 /Times-Roman /font32 ANSIFont font gs 879 660 267 415 CB 497 481 420 (ONC RPC WG Agenda) 420 SB gr 32 0 0 29 29 0 0 0 26 /Times-Bold /font29 ANSIFont font gs 879 660 267 415 CB 341 574 10 (\225) 10 SB gr gs 879 660 267 415 CB 4 4 SJ 374 574 366 (Assign scribe for this meeting) 366 SB gr 32 0 0 29 29 0 0 0 26 /Times-Roman /font32 ANSIFont font gs 879 660 267 415 CB 341 616 10 (\225) 10 SB gr gs 879 660 267 415 CB 374 616 695 (Introductions, Background, New Charter. Agenda Changes) 695 SB gr gs 879 660 267 415 CB 385 658 15 (\226) 15 SB gr gs 879 660 267 415 CB 1 2 SJ 412 658 350 (Steve Nahm ) 350 SB gr gs 879 660 267 415 CB 341 700 10 (\225) 10 SB gr gs 879 660 267 415 CB 2 3 SJ 374 700 458 (Summary of RPCSEC_GSS discussion) 458 SB gr gs 879 660 267 415 CB 385 742 15 (\226) 15 SB gr gs 879 660 267 415 CB 1 2 SJ 412 742 398 (Mike Eisler ) 398 SB gr gs 879 660 267 415 CB 341 785 10 (\225) 10 SB gr gs 879 660 267 415 CB 3 4 SJ 374 785 535 (Progress on outstanding RPCSEC_GSS items) 535 SB gr gs 879 660 267 415 CB 385 827 15 (\226) 15 SB gr gs 879 660 267 415 CB 1 2 SJ 412 827 309 (Ted Tso ) 309 SB gr gs 879 660 267 415 CB 341 869 10 (\225) 10 SB gr gs 879 660 267 415 CB 2 4 SJ 374 869 399 (Discussion of possible XDR work) 399 SB gr gs 879 660 267 415 CB 385 911 15 (\226) 15 SB gr gs 879 660 267 415 CB 1 2 SJ 412 911 512 (Keith Sklower ) 512 SB gr gs 879 660 267 415 CB 341 953 10 (\225) 10 SB gr gs 879 660 267 415 CB 1 1 SJ 374 953 127 (Next Steps) 127 SB gr 255 255 255 fC /fm 256 def gs 880 660 1279 415 CB 879 661 1281 416 B 1 F n gr 6 7 SP gs 880 660 1279 415 CB 763 544 1339 467 B S n gr 0 0 0 fC gs 880 660 1279 415 CB 2056 1020 15 (2) 15 SB gr gs 880 660 1279 415 CB 1360 1020 30 (12) 29 SB 1389 1020 61 (/9/96) 61 SB gr 32 0 0 44 44 0 0 0 39 /Times-Roman /font32 ANSIFont font gs 880 660 1279 415 CB 1547 472 345 (ONCRPC WG Info) 345 SB gr 32 0 0 29 29 0 0 0 26 /Times-Roman /font32 ANSIFont font gs 880 660 1279 415 CB 1361 515 10 (\225) 10 SB gr gs 880 660 1279 415 CB 3 6 SJ 1394 515 626 (Charter: Standardize ONC RPC protocols \(TSV area\)) 626 SB gr gs 880 660 1279 415 CB 1361 557 10 (\225) 10 SB gr gs 880 660 1279 415 CB 1394 557 183 (WG Co-Chairs:) 183 SB gr gs 880 660 1279 415 CB 1 4 SJ 1625 557 278 (Steve Nahm & Ted Tso) 278 SB gr gs 880 660 1279 415 CB 1405 599 15 (\226) 15 SB gr gs 880 660 1279 415 CB 1432 599 181 (Area Directors:) 181 SB gr gs 880 660 1279 415 CB 1625 599 417 (Allison Mankin & Allyn Romanow) 417 SB gr gs 880 660 1279 415 CB 1361 642 10 (\225) 10 SB gr gs 880 660 1279 415 CB 1394 642 218 (Outstanding drafts) 218 SB gr gs 880 660 1279 415 CB 1405 677 15 (\226) 15 SB gr gs 880 660 1279 415 CB -1 1 SJ 1432 677 233 (Proposed Standards) 233 SB gr gs 880 660 1279 415 CB 1449 719 10 (\225) 10 SB gr gs 880 660 1279 415 CB 2 3 SJ 1471 719 235 (RFC1831 - RPC V2) 235 SB gr gs 880 660 1279 415 CB 1449 761 10 (\225) 10 SB gr gs 880 660 1279 415 CB 2 6 SJ 1471 761 559 (RFC1832 - XDR \(Submitted as Draft Standard\)) 559 SB gr gs 880 660 1279 415 CB 1449 803 10 (\225) 10 SB gr gs 880 660 1279 415 CB 3 4 SJ 1471 803 263 (RFC 1833 - RPC Bind) 263 SB gr gs 880 660 1279 415 CB 1361 845 10 (\225) 10 SB gr gs 880 660 1279 415 CB -1 1 SJ 1394 845 135 (Online info) 135 SB gr gs 880 660 1279 415 CB 1405 888 15 (\226) 15 SB gr gs 880 660 1279 415 CB 1432 888 30 (on) 29 SB 1461 888 97 (crpc-wg) 96 SB 1557 888 38 (@s) 39 SB 1596 888 30 (un) 29 SB 1625 888 40 (roo) 39 SB 1664 888 166 (f.eng.sun.com) 166 SB gr 32 0 0 29 29 0 0 0 26 /Times-Bold /font29 ANSIFont font gs 880 660 1279 415 CB 1405 930 15 (\226) 15 SB gr gs 880 660 1279 415 CB 1432 930 517 (oncrpc-wg-request@sunroof.eng.sun.com) 517 SB gr 32 0 0 29 29 0 0 0 26 /Times-Roman /font32 ANSIFont font gs 880 660 1279 415 CB 1405 972 15 (\226) 15 SB gr gs 880 660 1279 415 CB -2 2 SJ 1432 972 533 (Archives at playground.sun.com:/pub/oncrpc) 533 SB gr 255 255 255 fC /fm 256 def gs 879 660 267 1285 CB 879 661 268 1286 B 1 F n gr 6 7 SP gs 879 660 267 1285 CB 763 544 326 1337 B S n gr 0 0 0 fC gs 879 660 267 1285 CB 1043 1890 15 (3) 15 SB gr gs 879 660 267 1285 CB 347 1890 30 (12) 29 SB 376 1890 61 (/9/96) 61 SB gr 32 0 0 44 44 0 0 0 39 /Times-Roman /font32 ANSIFont font gs 879 660 267 1285 CB 457 1351 499 (New ONCRPC WG Charter) 499 SB gr 32 0 0 29 29 0 0 0 26 /Times-Roman /font32 ANSIFont font gs 879 660 267 1285 CB 341 1429 10 (\225) 10 SB gr gs 879 660 267 1285 CB 2 5 SJ 374 1429 585 (Standardize ONC RPC protocols existing practice) 585 SB gr gs 879 660 267 1285 CB 341 1471 10 (\225) 10 SB gr gs 879 660 267 1285 CB 3 8 SJ 374 1471 655 (Create security mechanism for ONC RPC that provides ) 655 SB gr 32 0 0 29 29 0 0 0 26 /Times-Italic /font31 ANSIFont font gs 879 660 267 1285 CB 1032 1471 23 (at) 23 SB gr gs 879 660 267 1285 CB 374 1506 116 (minimum ) 116 SB gr 32 0 0 29 29 0 0 0 26 /Times-Roman /font32 ANSIFont font gs 879 660 267 1285 CB 490 1506 248 (strong authentication) 248 SB gr gs 879 660 267 1285 CB 385 1549 15 (\226) 15 SB gr gs 879 660 267 1285 CB 3 7 SJ 412 1549 630 (Core RPC specification blocked until submitted as PS) 630 SB gr gs 879 660 267 1285 CB 385 1591 15 (\226) 15 SB gr gs 879 660 267 1285 CB 1 5 SJ 412 1591 602 (RPCSEC_GSS provides auth, integrity and privacy) 602 SB gr gs 879 660 267 1285 CB 341 1633 10 (\225) 10 SB gr gs 879 660 267 1285 CB 374 1633 119 (Timetable) 119 SB gr gs 879 660 267 1285 CB 385 1675 15 (\226) 15 SB gr gs 879 660 267 1285 CB 412 1675 81 (Feb 97) 81 SB gr gs 879 660 267 1285 CB 2 4 SJ 517 1675 527 (Submit RPCSEC_GSS as Proposed Standard) 527 SB gr gs 879 660 267 1285 CB 385 1717 15 (\226) 15 SB gr gs 879 660 267 1285 CB 412 1717 86 (Mar 97) 86 SB gr gs 879 660 267 1285 CB 3 6 SJ 517 1717 497 (Submit core RPC specs as Draft Standards) 497 SB gr gs 879 660 267 1285 CB 385 1759 15 (\226) 15 SB gr gs 879 660 267 1285 CB 412 1759 86 (Mar 97) 86 SB gr gs 879 660 267 1285 CB 517 1759 486 (WG need not meet; mailing list monitors ) 486 SB gr gs 879 660 267 1285 CB 517 1794 336 (balance of std track progress) 336 SB gr 255 255 255 fC /fm 256 def gs 880 660 1279 1285 CB 879 661 1281 1286 B 1 F n gr 6 7 SP gs 880 660 1279 1285 CB 763 544 1339 1337 B S n gr 0 0 0 fC gs 880 660 1279 1285 CB 2056 1890 15 (4) 15 SB gr gs 880 660 1279 1285 CB 1360 1890 30 (12) 29 SB 1389 1890 61 (/9/96) 61 SB gr 32 0 0 44 44 0 0 0 39 /Times-Roman /font32 ANSIFont font gs 880 660 1279 1285 CB 1523 1347 393 (ONC RPC WG Drafts) 393 SB gr 32 0 0 29 29 0 0 0 26 /Times-Roman /font32 ANSIFont font gs 880 660 1279 1285 CB 1354 1407 10 (\225) 10 SB gr gs 880 660 1279 1285 CB 1387 1407 25 (dr) 24 SB 1411 1407 120 (aft-ietf-on) 119 SB 1530 1407 71 (crpc-r) 70 SB 1600 1407 52 (pcse) 53 SB 1653 1407 28 (c_) 27 SB 1680 1407 37 (gss) 38 SB 1718 1407 10 (-) 9 SB 1727 1407 68 (01.txt) 68 SB gr gs 880 660 1279 1285 CB 1398 1449 15 (\226) 15 SB gr gs 880 660 1279 1285 CB 1 2 SJ 1425 1449 225 (Mike Eisler, Editor) 225 SB gr gs 880 660 1279 1285 CB 1354 1491 10 (\225) 10 SB gr gs 880 660 1279 1285 CB 1387 1491 25 (dr) 24 SB 1411 1491 120 (aft-ietf-on) 119 SB 1530 1491 71 (crpc-r) 70 SB 1600 1491 97 (emote-0) 96 SB 1696 1491 30 (2.t) 31 SB 1727 1491 15 (x) 14 SB 1741 1491 8 (t) 8 SB gr gs 880 660 1279 1285 CB 1398 1534 15 (\226) 15 SB gr gs 880 660 1279 1285 CB 2 3 SJ 1425 1534 312 (No outstanding WG issues) 312 SB gr gs 880 660 1279 1285 CB 1398 1576 15 (\226) 15 SB gr gs 880 660 1279 1285 CB 3 2 SJ 1425 1576 396 (Blocked; awaiting RPCSEC_GSS) 396 SB gr gs 880 660 1279 1285 CB 1354 1618 10 (\225) 10 SB gr gs 880 660 1279 1285 CB 1387 1618 25 (dr) 24 SB 1411 1618 120 (aft-ietf-on) 119 SB 1530 1618 71 (crpc-r) 70 SB 1600 1618 81 (pcbind) 80 SB 1680 1618 40 (-01) 39 SB 1719 1618 7 (.) 8 SB 1727 1618 23 (tx) 22 SB 1749 1618 8 (t) 9 SB gr gs 880 660 1279 1285 CB 1398 1660 15 (\226) 15 SB gr gs 880 660 1279 1285 CB 2 3 SJ 1425 1660 312 (No outstanding WG issues) 312 SB gr gs 880 660 1279 1285 CB 1398 1702 15 (\226) 15 SB gr gs 880 660 1279 1285 CB 3 2 SJ 1425 1702 396 (Blocked; awaiting RPCSEC_GSS) 396 SB gr gs 880 660 1279 1285 CB 1354 1744 10 (\225) 10 SB gr gs 880 660 1279 1285 CB 1387 1744 25 (dr) 24 SB 1411 1744 120 (aft-ietf-on) 119 SB 1530 1744 89 (crpc-au) 88 SB 1618 1744 63 (th-02) 62 SB 1680 1744 7 (.) 8 SB 1688 1744 23 (tx) 22 SB 1710 1744 8 (t) 9 SB gr gs 880 660 1279 1285 CB 1398 1787 15 (\226) 15 SB gr gs 880 660 1279 1285 CB 2 3 SJ 1425 1787 312 (No outstanding WG issues) 312 SB gr gs 880 660 1279 1285 CB 1398 1829 15 (\226) 15 SB gr gs 880 660 1279 1285 CB 2 5 SJ 1425 1829 431 (Plan to submit as Informational RFC) 431 SB gr 255 255 255 fC /fm 256 def gs 879 659 267 2155 CB 879 661 268 2155 B 1 F n gr 6 7 SP gs 879 659 267 2155 CB 763 544 326 2206 B S n gr 0 0 0 fC gs 879 659 267 2155 CB 1043 2759 15 (5) 15 SB gr gs 879 659 267 2155 CB 347 2759 30 (12) 29 SB 376 2759 61 (/9/96) 61 SB gr 32 0 0 44 44 0 0 0 39 /Times-Roman /font32 ANSIFont font gs 879 659 267 2155 CB 610 2220 192 (Next Steps) 192 SB gr 32 0 0 29 29 0 0 0 26 /Times-Roman /font32 ANSIFont font gs 879 659 267 2155 CB 341 2298 10 (\225) 10 SB gr gs 879 659 267 2155 CB 2 7 SJ 374 2298 652 (Publish current core RPC specs as recycle-in-grade PS?) 652 SB gr gs 879 659 267 2155 CB 341 2340 10 (\225) 10 SB gr gs 879 659 267 2155 CB 1 5 SJ 374 2340 492 (Publish Auth draft as Informational RFC?) 492 SB gr gs 879 659 267 2155 CB 341 2382 10 (\225) 10 SB gr gs 879 659 267 2155 CB 2 6 SJ 374 2382 539 (Submission of RPCSEC_GSS draft by Feb 97) 539 SB gr 1 #C statusdict begin /manualfeed false store end EJ RS %%PageTrailer %%PageResources: font Times-Bold %%+ font Times-Italic %%+ font Times-Roman %%Trailer SVDoc restore end %%Pages: 1 % TrueType font name key: % MSTT31c291 = 314fDTimes New RomanF0000001d000001900000 % MSTT31c292 = 314fDTimes New RomanF0000002c000001900000 % MSTT31c293 = 314fDTimes New RomanF0000001d000002bc0000 % MSTT31c294 = 314fDSystemF0007000f000002bc0000 % MSTT31c295 = 314fDTimes New RomanF0000001d0000019000ff %%DocumentSuppliedResources: procset Win35Dict 3 1 %%DocumentNeededResources: font Times-Bold %%+ font Times-Italic %%+ font Times-Roman %%EOF  ---------- X-Sun-Data-Type: postscript-file X-Sun-Data-Description: postscript-file X-Sun-Data-Name: mre-ietf-sanjose-1.ps X-Sun-Charset: us-ascii X-Sun-Content-Lines: 1832 %! %%BoundingBox: (atend) %%Pages: (atend) %%DocumentFonts: (atend) %%EndComments %%BeginProlog % % FrameMaker postscript_prolog 3.0, for use with FrameMaker 3.0 % This postscript_prolog file is Copyright (c) 1986-1991 Frame Technology % Corporation. All rights reserved. This postscript_prolog file may be % freely copied and distributed in conjunction with documents created using % FrameMaker. % NOTE % This file fixes the problem with NeWS printers dithering color output. % Any questions should be sent to mickey@magickingdom.eng.sun.com % % Known Problems: % Due to bugs in Transcript, the 'PS-Adobe-' is omitted from line 1 /FMversion (3.0) def % Set up Color vs. Black-and-White /FMPrintInColor { % once-thru loop gimmick % See if we're a NeWSprint printer /currentcanvas where { pop systemdict /separationdict known exit } if % originally had the following, which should always be false: % /currentcanvas where { % pop currentcanvas /Color known { % currentcanvas /Color get % exit % } if % } if systemdict /colorimage known systemdict /currentcolortransfer known and exit } loop def % Uncomment the following line to force b&w on color printer % /FMPrintInColor false def /FrameDict 195 dict def systemdict /errordict known not {/errordict 10 dict def errordict /rangecheck {stop} put} if % The readline in 23.0 doesn't recognize cr's as nl's on AppleTalk FrameDict /tmprangecheck errordict /rangecheck get put errordict /rangecheck {FrameDict /bug true put} put FrameDict /bug false put mark % Some PS machines read past the CR, so keep the following 3 lines together! currentfile 5 string readline 00 0000000000 cleartomark errordict /rangecheck FrameDict /tmprangecheck get put FrameDict /bug get { /readline { /gstring exch def /gfile exch def /gindex 0 def { gfile read pop dup 10 eq {exit} if dup 13 eq {exit} if gstring exch gindex exch put /gindex gindex 1 add def } loop pop gstring 0 gindex getinterval true } def } if /FMVERSION { FMversion ne { /Times-Roman findfont 18 scalefont setfont 100 100 moveto (FrameMaker version does not match postscript_prolog!) dup = show showpage } if } def /FMLOCAL { FrameDict begin 0 def end } def /gstring FMLOCAL /gfile FMLOCAL /gindex FMLOCAL /orgxfer FMLOCAL /orgproc FMLOCAL /organgle FMLOCAL /orgfreq FMLOCAL /yscale FMLOCAL /xscale FMLOCAL /manualfeed FMLOCAL /paperheight FMLOCAL /paperwidth FMLOCAL /FMDOCUMENT { array /FMfonts exch def /#copies exch def FrameDict begin 0 ne dup {setmanualfeed} if /manualfeed exch def /paperheight exch def /paperwidth exch def /yscale exch def /xscale exch def currenttransfer cvlit /orgxfer exch def currentscreen cvlit /orgproc exch def /organgle exch def /orgfreq exch def setpapername manualfeed {true} {papersize} ifelse {manualpapersize} {false} ifelse {desperatepapersize} if end } def /pagesave FMLOCAL /orgmatrix FMLOCAL /landscape FMLOCAL /FMBEGINPAGE { FrameDict begin /pagesave save def 3.86 setmiterlimit /landscape exch 0 ne def landscape { 90 rotate 0 exch neg translate pop } {pop pop} ifelse xscale yscale scale /orgmatrix matrix def gsave } def /FMENDPAGE { grestore pagesave restore end showpage } def /FMFONTDEFINE { FrameDict begin findfont ReEncode 1 index exch definefont FMfonts 3 1 roll put end } def /FMFILLS { FrameDict begin array /fillvals exch def end } def /FMFILL { FrameDict begin fillvals 3 1 roll put end } def /FMNORMALIZEGRAPHICS { newpath 0.0 0.0 moveto 1 setlinewidth 0 setlinecap 0 0 0 sethsbcolor 0 setgray } bind def /fx FMLOCAL /fy FMLOCAL /fh FMLOCAL /fw FMLOCAL /llx FMLOCAL /lly FMLOCAL /urx FMLOCAL /ury FMLOCAL /FMBEGINEPSF { end /FMEPSF save def /showpage {} def FMNORMALIZEGRAPHICS [/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall fx fy translate rotate fw urx llx sub div fh ury lly sub div scale llx neg lly neg translate } bind def /FMENDEPSF { FMEPSF restore FrameDict begin } bind def FrameDict begin /setmanualfeed { %%BeginFeature *ManualFeed True statusdict /manualfeed true put %%EndFeature } def /max {2 copy lt {exch} if pop} bind def /min {2 copy gt {exch} if pop} bind def /inch {72 mul} def /pagedimen { paperheight sub abs 16 lt exch paperwidth sub abs 16 lt and {/papername exch def} {pop} ifelse } def /papersizedict FMLOCAL /setpapername { /papersizedict 14 dict def papersizedict begin /papername /unknown def /Letter 8.5 inch 11.0 inch pagedimen /LetterSmall 7.68 inch 10.16 inch pagedimen /Tabloid 11.0 inch 17.0 inch pagedimen /Ledger 17.0 inch 11.0 inch pagedimen /Legal 8.5 inch 14.0 inch pagedimen /Statement 5.5 inch 8.5 inch pagedimen /Executive 7.5 inch 10.0 inch pagedimen /A3 11.69 inch 16.5 inch pagedimen /A4 8.26 inch 11.69 inch pagedimen /A4Small 7.47 inch 10.85 inch pagedimen /B4 10.125 inch 14.33 inch pagedimen /B5 7.16 inch 10.125 inch pagedimen end } def /papersize { papersizedict begin /Letter {lettertray letter} def /LetterSmall {lettertray lettersmall} def /Tabloid {11x17tray 11x17} def /Ledger {ledgertray ledger} def /Legal {legaltray legal} def /Statement {statementtray statement} def /Executive {executivetray executive} def /A3 {a3tray a3} def /A4 {a4tray a4} def /A4Small {a4tray a4small} def /B4 {b4tray b4} def /B5 {b5tray b5} def /unknown {unknown} def papersizedict dup papername known {papername} {/unknown} ifelse get end /FMdicttop countdictstack 1 add def statusdict begin stopped end countdictstack -1 FMdicttop {pop end} for } def /manualpapersize { papersizedict begin /Letter {letter} def /LetterSmall {lettersmall} def /Tabloid {11x17} def /Ledger {ledger} def /Legal {legal} def /Statement {statement} def /Executive {executive} def /A3 {a3} def /A4 {a4} def /A4Small {a4small} def /B4 {b4} def /B5 {b5} def /unknown {unknown} def papersizedict dup papername known {papername} {/unknown} ifelse get end stopped } def /desperatepapersize { statusdict /setpageparams known { paperwidth paperheight 0 1 statusdict begin {setpageparams} stopped pop end } if } def /savematrix { orgmatrix currentmatrix pop } bind def /restorematrix { orgmatrix setmatrix } bind def /dmatrix matrix def /dpi 72 0 dmatrix defaultmatrix dtransform dup mul exch dup mul add sqrt def /freq dpi 18.75 div 8 div round dup 0 eq {pop 1} if 8 mul dpi exch div def /sangle 1 0 dmatrix defaultmatrix dtransform exch atan def /DiacriticEncoding [ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quotesingle /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one /two /three /four /five /six /seven /eight /nine /colon /semicolon /less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute /Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis /atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis /iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve /ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex /udieresis /dagger /.notdef /cent /sterling /section /bullet /paragraph /germandbls /registered /copyright /trademark /acute /dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef /yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown /exclamdown /logicalnot /.notdef /florin /.notdef /.notdef /guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde /Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright /quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis /fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl /periodcentered /quotesinglbase /quotedblbase /perthousand /Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute /Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve /Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron /breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron ] def /ReEncode { dup length dict begin { 1 index /FID ne {def} {pop pop} ifelse } forall 0 eq {/Encoding DiacriticEncoding def} if currentdict end } bind def /graymode true def /bwidth FMLOCAL /bpside FMLOCAL /bstring FMLOCAL /onbits FMLOCAL /offbits FMLOCAL /xindex FMLOCAL /yindex FMLOCAL /x FMLOCAL /y FMLOCAL /setpattern { /bwidth exch def /bpside exch def /bstring exch def /onbits 0 def /offbits 0 def freq sangle landscape {90 add} if {/y exch def /x exch def /xindex x 1 add 2 div bpside mul cvi def /yindex y 1 add 2 div bpside mul cvi def bstring yindex bwidth mul xindex 8 idiv add get 1 7 xindex 8 mod sub bitshift and 0 ne {/onbits onbits 1 add def 1} {/offbits offbits 1 add def 0} ifelse } setscreen {} settransfer offbits offbits onbits add div FMsetgray /graymode false def } bind def /grayness { FMsetgray graymode not { /graymode true def orgxfer cvx settransfer orgfreq organgle orgproc cvx setscreen } if } bind def /HUE FMLOCAL /SAT FMLOCAL /BRIGHT FMLOCAL /Colors FMLOCAL FMPrintInColor { /HUE 0 def /SAT 0 def /BRIGHT 0 def % array of arrays Hue and Sat values for the separations [HUE BRIGHT] /Colors [[0 0 ] % black [0 0 ] % white [0.00 1.0] % red [0.37 1.0] % green [0.60 1.0] % blue [0.50 1.0] % cyan [0.83 1.0] % magenta [0.16 1.0] % comment / yellow ] def /BEGINBITMAPCOLOR { BITMAPCOLOR} def /BEGINBITMAPCOLORc { BITMAPCOLORc} def /BEGINBITMAPTRUECOLOR { BITMAPTRUECOLOR } def /BEGINBITMAPTRUECOLORc { BITMAPTRUECOLORc } def /K { Colors exch get dup 0 get /HUE exch store 1 get /BRIGHT exch store HUE 0 eq BRIGHT 0 eq and {1.0 SAT sub setgray} {HUE SAT BRIGHT sethsbcolor} ifelse } def /FMsetgray { /SAT exch 1.0 exch sub store HUE 0 eq BRIGHT 0 eq and {1.0 SAT sub setgray} {HUE SAT BRIGHT sethsbcolor} ifelse } bind def } { /BEGINBITMAPCOLOR { BITMAPGRAY} def /BEGINBITMAPCOLORc { BITMAPGRAYc} def /BEGINBITMAPTRUECOLOR { BITMAPTRUEGRAY } def /BEGINBITMAPTRUECOLORc { BITMAPTRUEGRAYc } def /FMsetgray {setgray} bind def /K { pop } def } ifelse /normalize { transform round exch round exch itransform } bind def /dnormalize { dtransform round exch round exch idtransform } bind def /lnormalize { 0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop } bind def /H { lnormalize setlinewidth } bind def /Z { setlinecap } bind def /fillvals FMLOCAL /X { fillvals exch get dup type /stringtype eq {8 1 setpattern} {grayness} ifelse } bind def /V { gsave eofill grestore } bind def /N { stroke } bind def /M {newpath moveto} bind def /E {lineto} bind def /D {curveto} bind def /O {closepath} bind def /n FMLOCAL /L { /n exch def newpath normalize moveto 2 1 n {pop normalize lineto} for } bind def /Y { L closepath } bind def /x1 FMLOCAL /x2 FMLOCAL /y1 FMLOCAL /y2 FMLOCAL /rad FMLOCAL /R { /y2 exch def /x2 exch def /y1 exch def /x1 exch def x1 y1 x2 y1 x2 y2 x1 y2 4 Y } bind def /RR { /rad exch def normalize /y2 exch def /x2 exch def normalize /y1 exch def /x1 exch def newpath x1 y1 rad add moveto x1 y2 x2 y2 rad arcto x2 y2 x2 y1 rad arcto x2 y1 x1 y1 rad arcto x1 y1 x1 y2 rad arcto closepath 16 {pop} repeat } bind def /C { grestore gsave R clip } bind def /FMpointsize FMLOCAL /F { FMfonts exch get FMpointsize scalefont setfont } bind def /Q { /FMpointsize exch def F } bind def /T { moveto show } bind def /RF { rotate 0 ne {-1 1 scale} if } bind def /TF { gsave moveto RF show grestore } bind def /P { moveto 0 32 3 2 roll widthshow } bind def /PF { gsave moveto RF 0 32 3 2 roll widthshow grestore } bind def /S { moveto 0 exch ashow } bind def /SF { gsave moveto RF 0 exch ashow grestore } bind def /B { moveto 0 32 4 2 roll 0 exch awidthshow } bind def /BF { gsave moveto RF 0 32 4 2 roll 0 exch awidthshow grestore } bind def /G { gsave newpath normalize translate 0.0 0.0 moveto dnormalize scale 0.0 0.0 1.0 5 3 roll arc closepath fill grestore } bind def /A { gsave savematrix newpath 2 index 2 div add exch 3 index 2 div sub exch normalize 2 index 2 div sub exch 3 index 2 div add exch translate scale 0.0 0.0 1.0 5 3 roll arc restorematrix stroke grestore } bind def /x FMLOCAL /y FMLOCAL /w FMLOCAL /h FMLOCAL /xx FMLOCAL /yy FMLOCAL /ww FMLOCAL /hh FMLOCAL /FMsaveobject FMLOCAL /FMoptop FMLOCAL /FMdicttop FMLOCAL /BEGINPRINTCODE { /FMdicttop countdictstack 1 add def /FMoptop count 4 sub def /FMsaveobject save def userdict begin /showpage {} def FMNORMALIZEGRAPHICS 3 index neg 3 index neg translate } bind def /ENDPRINTCODE { count -1 FMoptop {pop pop} for countdictstack -1 FMdicttop {pop end} for FMsaveobject restore } bind def /gn { 0 { 46 mul cf read pop 32 sub dup 46 lt {exit} if 46 sub add } loop add } bind def /str FMLOCAL /cfs { /str sl string def 0 1 sl 1 sub {str exch val put} for str def } bind def /ic [ 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223 0 {0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx} {10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx} {19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12} {13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh} {4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh} {13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl} {7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl} {0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl} {10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl} ] def /sl FMLOCAL /val FMLOCAL /ws FMLOCAL /im FMLOCAL /bs FMLOCAL /cs FMLOCAL /len FMLOCAL /pos FMLOCAL /ms { /sl exch def /val 255 def /ws cfs /im cfs /val 0 def /bs cfs /cs cfs } bind def 400 ms /ip { is 0 cf cs readline pop { ic exch get exec add } forall pop } bind def /wh { /len exch def /pos exch def ws 0 len getinterval im pos len getinterval copy pop pos len } bind def /bl { /len exch def /pos exch def bs 0 len getinterval im pos len getinterval copy pop pos len } bind def /s1 1 string def /fl { /len exch def /pos exch def /val cf s1 readhexstring pop 0 get def pos 1 pos len add 1 sub {im exch val put} for pos len } bind def /hx { 3 copy getinterval cf exch readhexstring pop pop } bind def /h FMLOCAL /w FMLOCAL /d FMLOCAL /lb FMLOCAL /bitmapsave FMLOCAL /is FMLOCAL /cf FMLOCAL /wbytes { dup 8 eq {pop} {1 eq {7 add 8 idiv} {3 add 4 idiv} ifelse} ifelse } bind def /BEGINBITMAPBWc { 1 {} COMMONBITMAPc } bind def /BEGINBITMAPGRAYc { 8 {} COMMONBITMAPc } bind def /BEGINBITMAP2BITc { 2 {} COMMONBITMAPc } bind def /COMMONBITMAPc { /r exch def /d exch def gsave translate rotate scale /h exch def /w exch def /lb w d wbytes def sl lb lt {lb ms} if /bitmapsave save def r /is im 0 lb getinterval def ws 0 lb getinterval is copy pop /cf currentfile def w h d [w 0 0 h neg 0 h] {ip} image bitmapsave restore grestore } bind def /BEGINBITMAPBW { 1 {} COMMONBITMAP } bind def /BEGINBITMAPGRAY { 8 {} COMMONBITMAP } bind def /BEGINBITMAP2BIT { 2 {} COMMONBITMAP } bind def /COMMONBITMAP { /r exch def /d exch def gsave translate rotate scale /h exch def /w exch def /bitmapsave save def r /is w d wbytes string def /cf currentfile def w h d [w 0 0 h neg 0 h] {cf is readhexstring pop} image bitmapsave restore grestore } bind def /proc1 FMLOCAL /proc2 FMLOCAL /newproc FMLOCAL /Fmcc { /proc2 exch cvlit def /proc1 exch cvlit def /newproc proc1 length proc2 length add array def newproc 0 proc1 putinterval newproc proc1 length proc2 putinterval newproc cvx } bind def /ngrayt 256 array def /nredt 256 array def /nbluet 256 array def /ngreent 256 array def /gryt FMLOCAL /blut FMLOCAL /grnt FMLOCAL /redt FMLOCAL /indx FMLOCAL /cynu FMLOCAL /magu FMLOCAL /yelu FMLOCAL /k FMLOCAL /u FMLOCAL /colorsetup { currentcolortransfer /gryt exch def /blut exch def /grnt exch def /redt exch def 0 1 255 { /indx exch def /cynu 1 red indx get 255 div sub def /magu 1 green indx get 255 div sub def /yelu 1 blue indx get 255 div sub def /k cynu magu min yelu min def /u k currentundercolorremoval exec def nredt indx 1 0 cynu u sub max sub redt exec put ngreent indx 1 0 magu u sub max sub grnt exec put nbluet indx 1 0 yelu u sub max sub blut exec put ngrayt indx 1 k currentblackgeneration exec sub gryt exec put } for {255 mul cvi nredt exch get} {255 mul cvi ngreent exch get} {255 mul cvi nbluet exch get} {255 mul cvi ngrayt exch get} setcolortransfer {pop 0} setundercolorremoval {} setblackgeneration } bind def /tran FMLOCAL /fakecolorsetup { /tran 256 string def 0 1 255 {/indx exch def tran indx red indx get 77 mul green indx get 151 mul blue indx get 28 mul add add 256 idiv put} for currenttransfer {255 mul cvi tran exch get 255.0 div} exch Fmcc settransfer } bind def /BITMAPCOLOR { /d 8 def gsave translate rotate scale /h exch def /w exch def /bitmapsave save def colorsetup /is w d wbytes string def /cf currentfile def w h d [w 0 0 h neg 0 h] {cf is readhexstring pop} {is} {is} true 3 colorimage bitmapsave restore grestore } bind def /BITMAPCOLORc { /d 8 def gsave translate rotate scale /h exch def /w exch def /lb w d wbytes def sl lb lt {lb ms} if /bitmapsave save def colorsetup /is im 0 lb getinterval def ws 0 lb getinterval is copy pop /cf currentfile def w h d [w 0 0 h neg 0 h] {ip} {is} {is} true 3 colorimage bitmapsave restore grestore } bind def /BITMAPTRUECOLORc { gsave translate rotate scale /h exch def /w exch def /bitmapsave save def /is w string def ws 0 w getinterval is copy pop /cf currentfile def w h 8 [w 0 0 h neg 0 h] {ip} {gip} {bip} true 3 colorimage bitmapsave restore grestore } bind def /BITMAPTRUECOLOR { gsave translate rotate scale /h exch def /w exch def /bitmapsave save def /is w string def /gis w string def /bis w string def /cf currentfile def w h 8 [w 0 0 h neg 0 h] { cf is readhexstring pop } { cf gis readhexstring pop } { cf bis readhexstring pop } true 3 colorimage bitmapsave restore grestore } bind def /BITMAPTRUEGRAYc { gsave translate rotate scale /h exch def /w exch def /bitmapsave save def /is w string def ws 0 w getinterval is copy pop /cf currentfile def w h 8 [w 0 0 h neg 0 h] {ip gip bip w gray} image bitmapsave restore grestore } bind def /ww FMLOCAL /r FMLOCAL /g FMLOCAL /b FMLOCAL /i FMLOCAL /gray { /ww exch def /b exch def /g exch def /r exch def 0 1 ww 1 sub { /i exch def r i get .299 mul g i get .587 mul b i get .114 mul add add r i 3 -1 roll floor cvi put } for r } bind def /BITMAPTRUEGRAY { gsave translate rotate scale /h exch def /w exch def /bitmapsave save def /is w string def /gis w string def /bis w string def /cf currentfile def w h 8 [w 0 0 h neg 0 h] { cf is readhexstring pop cf gis readhexstring pop cf bis readhexstring pop w gray} image bitmapsave restore grestore } bind def /BITMAPGRAY { 8 {fakecolorsetup} COMMONBITMAP } bind def /BITMAPGRAYc { 8 {fakecolorsetup} COMMONBITMAPc } bind def /ENDBITMAP { } bind def end /ALDsave FMLOCAL /ALDmatrix matrix def ALDmatrix currentmatrix pop /StartALD { /ALDsave save def savematrix ALDmatrix setmatrix } bind def /InALD { restorematrix } bind def /DoneALD { ALDsave restore } bind def %%EndProlog %%BeginSetup (3.0) FMVERSION 1 1 612 792 0 1 6 FMDOCUMENT 0 0 /Helvetica-Bold FMFONTDEFINE 1 0 /Helvetica-Oblique FMFONTDEFINE 2 0 /Helvetica-BoldOblique FMFONTDEFINE 3 0 /Helvetica FMFONTDEFINE 32 FMFILLS 0 0 FMFILL 1 0.1 FMFILL 2 0.3 FMFILL 3 0.5 FMFILL 4 0.7 FMFILL 5 0.9 FMFILL 6 0.97 FMFILL 7 1 FMFILL 8 <0f1e3c78f0e1c387> FMFILL 9 <0f87c3e1f0783c1e> FMFILL 10 FMFILL 11 FMFILL 12 <8142241818244281> FMFILL 13 <03060c183060c081> FMFILL 14 <8040201008040201> FMFILL 16 1 FMFILL 17 0.9 FMFILL 18 0.7 FMFILL 19 0.5 FMFILL 20 0.3 FMFILL 21 0.1 FMFILL 22 0.03 FMFILL 23 0 FMFILL 24 FMFILL 25 FMFILL 26 <3333333333333333> FMFILL 27 <0000ffff0000ffff> FMFILL 28 <7ebddbe7e7dbbd7e> FMFILL 29 FMFILL 30 <7fbfdfeff7fbfdfe> FMFILL %%EndSetup %%Page: "1" 1 %%BeginPaperSize: Letter %%EndPaperSize 612 792 1 FMBEGINPAGE 72 212.67 720 222.67 R 7 X 0 K V 90 252 702 702 R V 0 36 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt) 98.98 678 T (Summary of discussion and issues) 94.93 582 T (Mike Eisler, Document Editor) 146.96 486 T (mre@Eng.Sun.Com) 227.45 390 T FMENDPAGE %%EndPage: "1" 2 %%Page: "2" 2 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 2) 689.45 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (OVERVIEW OF DISCUSSION AND ISSUES) 156.76 686 T (\245) 90 640 T (Negotiation of mechanism - unresolved) 108 640 T (\245) 90 595 T (Specification of QOP/Service values - unresolved) 108 595 T (\245) 90 550 T -2.23 (Denial of service of attacks using sequence numbers) 108 550 P (- unresolved) 108 521 T (\245) 90 476 T (Clarify integrity check wording - resolved) 108 476 T (\245) 90 431 T (RPCSEC_GSS vs. GSS errors - resolved) 108 431 T (\245) 90 386 T (Generation of session handles - resolved) 108 386 T (\245) 90 341 T (Version negotiation - unresolved) 108 341 T (\245) 90 296 T (gss_get_mic\050\051 vs. gss_wrap\050\051 - unresolved) 108 296 T FMENDPAGE %%EndPage: "2" 3 %%Page: "3" 3 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 3) 689.45 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (\245) 90 686 T (section 6.2 - flooding attacks - resolved) 108 686 T (\245) 90 641 T (section 5.2.1 - context creation messages -) 108 641 T (unresolved) 108 612 T (\245) 90 567 T (data type of gss_proc - resolved) 108 567 T (\245) 90 522 T (GSS-API V1 references vs. GSS-API V2 - unresolved) 108 522 T FMENDPAGE %%EndPage: "3" 4 %%Page: "4" 4 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 4) 689.45 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (Negotiation of mechanism) 246.06 686 T (\245) 90 640 T (John Linn: \322no facility at the rpcsec_gss layer to) 108 640 T (transport or negotiate GSS-API mechanism) 108 611 T (identifiers, mechanism selection must either \050a\051 be) 108 582 T (static, \050b\051 be performed out-of-band, or \050c\051 be) 108 553 T (negotiated within the GSS layer\323) 108 524 T (\245) 90 479 T (Anonymous: \322... ONC RPC model doesn't stretch) 108 479 T -0.95 (very well to include models such as negotiated QOS) 108 450 P (or authentication flavor.... if you don't add such) 108 421 T (improvements to ONC RPC, there's little attracting) 108 392 T (me to ONC over the alternatives.\323) 108 363 T 2 F (\245) 90 318 T (Are the above issues serious enough to hold back) 108 318 T (the ID?) 108 289 T FMENDPAGE %%EndPage: "4" 5 %%Page: "5" 5 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 5) 689.45 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (Specification of QOP/SERVICE values) 180.05 686 T (\245) 90 640 T (John: \322is it expected that any such QOP values will) 108 640 T -0.05 (be sourced within the RPC layer, or instead that the) 108 611 P (relevant GSS mechanism ID will be reflected up to) 108 582 T -0.75 (the RPC caller so that it's equipped to undertake the) 108 553 P (responsibility of selecting QOPs suitable to the) 108 524 T (prevailing mechanism?\323) 108 495 T 2 F (\245) 90 450 T -1.4 (The API is expected to provide mechanism selection) 108 450 P (input/output to the client and server. The ID can be) 108 421 T (updated to reflect this.) 108 392 T 0 F (\245) 90 347 T (John: \322Use of \322default\323 would be simplifying here,) 108 347 T (and is probably to be preferred where/if possible\323) 108 318 T FMENDPAGE %%EndPage: "5" 6 %%Page: "6" 6 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 6) 689.45 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 2 24 Q 0 X (\245) 90 686 T -1.98 (Proposal: When the client doesn\325t know what QOP to) 108 686 P (use, \322default\323 should be specified in the ID) 108 657 T 0 F (\245) 90 612 T -2.35 (Marc Horowitz: Method of imposing QOP/service has) 108 612 P (problems:) 108 583 T 3 22 Q (-) 126 545.33 T (\322client has to \322guess\323 in rpc_gss_init_arg\323) 144 545.33 T (-) 126 510.33 T (\322field is not protected in any way\323) 144 510.33 T (-) 126 475.33 T (proposes: \322including the required qop and service values) 144 475.33 T (in the final \050GSS_S_COMPLETE\051 rpc_gss_init_res, and) 144 451.33 T (using gssapi to protect this information.\323) 144 427.33 T 2 24 Q (\245) 90 386 T -0.53 (The intent of feature in the ID was that clients would) 108 386 P -1.39 (pick the QOP from an out-of-band name service. The) 108 357 P (server \050e.g. NFS\051 may not know what the right QOP) 108 328 T (is until the client accesses a specific resource.) 108 299 T FMENDPAGE %%EndPage: "6" 7 %%Page: "7" 7 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 7) 689.45 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 2 24 Q 0 X (\245) 90 686 T (Is including the required QOP in the response) 108 686 T (redundant? If GSS-API is used to protect the data,) 108 657 T (then the QOP is encoded in the results of the GSS-) 108 628 T (API operation.) 108 599 T 0 F (\245) 90 554 T (Marc: \322why have the service/QOP\323 in the protocol?) 108 554 T (\245) 90 509 T (Marc: \322it seems more and more to me like dropping) 108 509 T -0.72 (the QOP/service stuff from the init phase is the right) 108 480 P (answer.\323) 108 451 T 2 F (\245) 90 406 T (It may be possible to remove this from the protocol) 108 406 T (and still achieve the desired effect. However, the) 108 377 T (next discussion point from Barry Jaspan raises an) 108 348 T (issue, leaving this still a point of contention.) 108 319 T FMENDPAGE %%EndPage: "7" 8 %%Page: "8" 8 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 8) 689.45 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (Denial of service of attacks using) 206.04 686 T (sequence numbers) 286.69 640 T (\245) 90 594 T (Barry Jaspan: suggests \322the seq_window also be) 108 594 T (protected when communicated to the client\323) 108 565 T 2 F (\245) 90 520 T (This is reasonable. However, if we delete QOP/) 108 520 T (integrity negotiation from the protocol, what QOP) 108 491 T (and what service does the server use to protect) 108 462 T (seq_window?) 108 433 T (\245) 90 388 T (Proposal: leave QOP/service in the protocol, and) 108 388 T (protect the service/seq_window when) 108 359 T (communicated back to the client with GSS-API) 108 330 T FMENDPAGE %%EndPage: "8" 9 %%Page: "9" 9 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 9) 689.45 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (Clarify integrity check wording) 220.72 686 T (\245) 90 640 T (John: description of Context Management \050sec.) 108 640 T (5.3.3.1\051 should emphasize: \322that the integrity check) 108 611 T (on an incoming message is to be validated before) 108 582 T (adjusting the receive window in response to the) 108 553 T (incoming message's sequence number\323) 108 524 T 2 F (\245) 90 479 T -1.09 (Agreed, though if the sequence number is below the) 108 479 P (window, the request can be dropped without the) 108 450 T (integrity check.) 108 421 T FMENDPAGE %%EndPage: "9" 10 %%Page: "10" 10 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 10) 683.89 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (RPCSEC_GSS vs. GSS errors) 227.36 686 T (\245) 90 640 T (John: RPCSEC_GSS_NOCRED and) 108 640 T (RPCSEC_GSS_FAILED are similar in name to GSS-) 108 611 T (GSS-API major statuses GSS_NO_CRED and) 108 582 T -0.3 (GSS_FAILURE, but apparently different in meaning.) 108 553 P (Should the RPCSEC_GSS_* codes be renamed?) 108 524 T 2 F (\245) 90 479 T (They will be renamed since they definitely mean) 108 479 T (different things.) 108 450 T 0 F (\245) 90 405 T (John: \322is it possible and useful to define the) 108 405 T (mapping between specific GSS-level major status) 108 376 T (codes and the corresponding RPC layer error?\323) 108 347 T 2 F (\245) 90 302 T (An attempt will be made to define these mappings.) 108 302 T FMENDPAGE %%EndPage: "10" 11 %%Page: "11" 11 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 11) 683.89 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (Generation of session handles) 221.38 686 T (\245) 90 640 T (Marc: Regarding sec. 5.2.2.1, it states: The server) 108 640 T (must generate handles such that they will be) 108 611 T (generated again for the same pair of client and) 108 582 T (server principals.) 108 553 T 3 18 Q (-) 126 520 T (\322What if there are two simultaneous connections from the same client) 144 520 T (to the same server?\323) 144 500 T (-) 126 472 T (\322GSSAPI requires that mechanisms protect context setup against) 144 472 T (replay attacks\323) 144 452 T 2 24 Q (\245) 90 412 T (There should have been a \322not\323 between \322will\323 and) 108 412 T (\322be\323.) 108 383 T (\245) 90 338 T (Proposal: for simplicity, delete the offending) 108 338 T (sentences from section 5.2.2.1.) 108 309 T FMENDPAGE %%EndPage: "11" 12 %%Page: "12" 12 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 12) 683.89 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (Version negotiation) 284.04 686 T (\245) 90 640 T (Marc: \322The version negotiation procedure seems) 108 640 T (unnecessarily complex.\323) 108 611 T (\245) 90 566 T (Marc: \322In the case when the client and server both) 108 566 T (support the same protocol version \050which will be) 108 537 T -0.44 (most of the time\051, it would be useful to be able to do) 108 508 P (an aggressive setup, where instead of asking for a) 108 479 T -2.13 (protocol version, the first message for that version is) 108 450 P (sent.\323) 108 421 T 2 F (\245) 90 376 T -1.03 (Agreed. Since the server-side of version negotiation) 108 376 P (must be stateless, the server doesn\325t care.) 108 347 T (\245) 90 302 T (Proposal: Since version negotiation is contentious,) 108 302 T (and since we at only verison1, delete version) 108 273 T FMENDPAGE %%EndPage: "12" 13 %%Page: "13" 13 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 13) 683.89 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 2 24 Q 0 X -2.17 (negotiation from the specification, reserve version 0,) 108 686 P (and if versions are added in the future, re-visit) 108 657 T (version negotiation then.) 108 628 T FMENDPAGE %%EndPage: "13" 14 %%Page: "14" 14 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 14) 683.89 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (gss_get_mic\050\051 vs. gss_wrap\050\051) 228.7 686 T (\245) 90 640 T -1.09 (Marc: The protocol in the ID uses \322gss_get_mic\050\051 for) 108 640 P -0.39 (integrity, and gss_wrap\050\051 for encryption. it would be) 108 611 P (simpler... to use gss_wrap in both cases, with the) 108 582 T (conf_req flag set accordingly\323) 108 553 T 2 F (\245) 90 508 T (This will introduce an unnecessary byte copy that) 108 508 T (gss_wrap will incur when conf_req is zero.) 108 479 T FMENDPAGE %%EndPage: "14" 15 %%Page: "15" 15 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 15) 683.89 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (\245) 90 686 T (Marc: Perhaps both modes should be allowed, as) 108 686 T (there is talk about extending GSS-API to use an) 108 657 T (application buffer.) 108 628 T 2 F (\245) 90 583 T (This extension won\325t eliminate the byte copy. Have) 108 583 T (two ways to do integrity is protocol bloat and by) 108 554 T (consequence, ONCRPC-API bloat. Why would an) 108 525 T (ONC-RPC programmer pick a \322wrapped-integrity\323) 108 496 T (service if the documentation warned that this) 108 467 T (consumed a byte copy?) 108 438 T FMENDPAGE %%EndPage: "15" 16 %%Page: "16" 16 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 16) 683.89 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (section 6.2 - flooding attacks) 231.38 686 T (\245) 90 640 T (Marc: \322Section 6.2 goes through some effort to) 108 640 T (demonstrate that there are no flooding attacks) 108 611 T (possible. There is a trivial attack where the attacker) 108 582 T (sends fake requests above the window. These will) 108 553 T -1.38 (not be rejected due to the sequence number \050since it) 108 524 P (must increase\051, forcing the server to validate the) 108 495 T (header checksum and fail.\323) 108 466 T 2 F (\245) 90 421 T (The ID does, albeit not clearly, acknowledge this.) 108 421 T (\245) 90 376 T (Proposal: Clarify section 6.2.) 108 376 T FMENDPAGE %%EndPage: "16" 17 %%Page: "17" 17 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 17) 683.89 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (section 5.2.1 - context creation messages) 159.37 686 T (\245) 90 640 T -1.09 (Marc: Section 5.2.1 says: The first RPC request from) 108 640 P (the client to the server initiates context creation for) 108 611 T (those mechanisms that require context creation) 108 582 T (messages. \322All mechanisms will generate at least) 108 553 T (one token requiring a context creation message\323) 108 524 T 2 F (\245) 90 479 T (The GSS-API v2 specification \050draft-ietf-cat-gssv2-) 108 479 T (08.txt\051 seems to imply that an initial call to) 108 450 T (GSS_Init_sec_context can return) 108 421 T (GSS_S_COMPLETE. Is there a problem with calling) 108 392 T (GSS_Accept_sec_context\050\051 on a token created with) 108 363 T (a GSS_Init_sec_context call returning) 108 334 T (GSS_S_COMPLETE?) 108 305 T FMENDPAGE %%EndPage: "17" 18 %%Page: "18" 18 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 18) 683.89 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (data type of gss_proc) 272.04 686 T (\245) 90 640 T (Marc: \322gss_proc is an unsigned int instead of an) 108 640 T (enum. Why?\323) 108 611 T 2 F (\245) 90 566 T -0.53 (Proposal: redefine gss_proc as an enumerated type.) 108 566 P FMENDPAGE %%EndPage: "18" 19 %%Page: "19" 19 612 792 1 FMBEGINPAGE 72 746 720 756 R 7 X 0 K V 1 10 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 241.32 749.33 T (Slide 19) 683.89 749.33 T 72 212.67 720 222.67 R 7 X V 0 X (Mike Eisler, Document Editor) 331.58 216 T 72 234 720 711 18 RR 7 X 4 K V 0.5 H 0 Z 0 X N 90 252 702 702 R 7 X 0 K V 0 24 Q 0 X (GSS-API V1 references vs. GSS-API V2) 174.03 686 T (\245) 90 640 T (Marc: \322the draft should use [GSS-API] v2 function) 108 640 T (names, not v1 function names\323) 108 611 T 2 F (\245) 90 566 T (It wasn\325t clear if referencing another ID was) 108 566 T (appropriate.) 108 537 T (\245) 90 492 T (Proposal: change the names to use GSS-API V2) 108 492 T -0.5 (function names. Change them back to V1 if the GSS-) 108 463 P (API V2 is not an RFC by the time the rpcsec_gss ID) 108 434 T (is published as its own RFC.) 108 405 T FMENDPAGE %%EndPage: "19" 20 %%Trailer %%BoundingBox: 0 0 612 792 %%Pages: 19 1 %%DocumentFonts: Helvetica-Bold %%+ Helvetica-Oblique %%+ Helvetica-BoldOblique %%+ Helvetica ---------- X-Sun-Data-Type: postscript-file X-Sun-Data-Description: postscript-file X-Sun-Data-Name: mre-ietf-sanjose-6.ps X-Sun-Charset: us-ascii X-Sun-Content-Lines: 3173 %!PS-Adobe-3.0 %%BoundingBox: (atend) %%Pages: (atend) %%PageOrder: (atend) %%DocumentFonts: (atend) %%Creator: Frame 5.0 %%DocumentData: Clean7Bit %%EndComments %%BeginProlog % % Frame ps_prolog 5.0, for use with Frame 5.0 products % This ps_prolog file is Copyright (c) 1986-1995 Frame Technology % Corporation. All rights reserved. This ps_prolog file may be % freely copied and distributed in conjunction with documents created % using FrameMaker, FrameMaker/SGML and FrameViewer as long as this % copyright notice is preserved. % % FrameMaker users specify the proper paper size for each print job in the % "Print" dialog's "Printer Paper Size" "Width" and "Height~ fields. If the % printer that the PS file is sent to does not support the requested paper % size, or if there is no paper tray of the proper size currently installed, % then the job will not be printed. The following flag, if set to true, will % cause the job to print on the default paper in such cases. /FMAllowPaperSizeMismatch false def % % Frame products normally print colors as their true color on a color printer % or as shades of gray, based on luminance, on a black-and white printer. The % following flag, if set to true, forces all non-white colors to print as pure % black. This has no effect on bitmap images. /FMPrintAllColorsAsBlack false def % % Frame products can either set their own line screens or use a printer's % default settings. Three flags below control this separately for no % separations, spot separations and process separations. If a flag % is true, then the default printer settings will not be changed. If it is % false, Frame products will use their own settings from a table based on % the printer's resolution. /FMUseDefaultNoSeparationScreen true def /FMUseDefaultSpotSeparationScreen true def /FMUseDefaultProcessSeparationScreen false def % % For any given PostScript printer resolution, Frame products have two sets of % screen angles and frequencies for printing process separations, which are % recomended by Adobe. The following variable chooses the higher frequencies % when set to true or the lower frequencies when set to false. This is only % effective if the appropriate FMUseDefault...SeparationScreen flag is false. /FMUseHighFrequencyScreens true def % % The following is a set of predefined optimal frequencies and angles for various % common dpi settings. This is taken from "Advances in Color Separation Using % PostScript Software Technology," from Adobe Systems (3/13/89 P.N. LPS 0043) % and corrolated with information which is in various PPD (4.0) files. % % The "dpiranges" figure is the minimum dots per inch device resolution which % can support this setting. The "low" and "high" values are controlled by the % setting of the FMUseHighFrequencyScreens flag above. The "TDot" flags control % the use of the "Yellow Triple Dot" feature whereby the frequency id divided by % three, but the dot function is "trippled" giving a block of 3x3 dots per cell. % % PatFreq is a compromise pattern frequency for ps Level 2 printers which is close % to the ideal WYSIWYG pattern frequency of 9 repetitions/inch but does not beat % (too badly) against the screen frequencies of any separations for that DPI. /dpiranges [ 2540 2400 1693 1270 1200 635 600 0 ] def /CMLowFreqs [ 100.402 94.8683 89.2289 100.402 94.8683 66.9349 63.2456 47.4342 ] def /YLowFreqs [ 95.25 90.0 84.65 95.25 90.0 70.5556 66.6667 50.0 ] def /KLowFreqs [ 89.8026 84.8528 79.8088 89.8026 84.8528 74.8355 70.7107 53.033 ] def /CLowAngles [ 71.5651 71.5651 71.5651 71.5651 71.5651 71.5651 71.5651 71.5651 ] def /MLowAngles [ 18.4349 18.4349 18.4349 18.4349 18.4349 18.4349 18.4349 18.4349 ] def /YLowTDot [ true true false true true false false false ] def /CMHighFreqs [ 133.87 126.491 133.843 108.503 102.523 100.402 94.8683 63.2456 ] def /YHighFreqs [ 127.0 120.0 126.975 115.455 109.091 95.25 90.0 60.0 ] def /KHighFreqs [ 119.737 113.137 119.713 128.289 121.218 89.8026 84.8528 63.6395 ] def /CHighAngles [ 71.5651 71.5651 71.5651 70.0169 70.0169 71.5651 71.5651 71.5651 ] def /MHighAngles [ 18.4349 18.4349 18.4349 19.9831 19.9831 18.4349 18.4349 18.4349 ] def /YHighTDot [ false false true false false true true false ] def /PatFreq [ 10.5833 10.0 9.4055 10.5833 10.0 10.5833 10.0 9.375 ] def % % PostScript Level 2 printers contain an "Accurate Screens" feature which can % improve process separation rendering at the expense of compute time. This % flag is ignored by PostScript Level 1 printers. /FMUseAcccurateScreens true def % % The following PostScript procedure defines the spot function that Frame % products will use for process separations. You may un-comment-out one of % the alternative functions below, or use your own. % % Dot function /FMSpotFunction {abs exch abs 2 copy add 1 gt {1 sub dup mul exch 1 sub dup mul add 1 sub } {dup mul exch dup mul add 1 exch sub }ifelse } def % % Line function % /FMSpotFunction { pop } def % % Elipse function % /FMSpotFunction { dup 5 mul 8 div mul exch dup mul exch add % sqrt 1 exch sub } def % % /FMversion (5.0) def /fMLevel1 /languagelevel where {pop languagelevel} {1} ifelse 2 lt def /FMPColor fMLevel1 { false /colorimage where {pop pop true} if } { true } ifelse def /FrameDict 400 dict def systemdict /errordict known not {/errordict 10 dict def errordict /rangecheck {stop} put} if % The readline in PS 23.0 doesn't recognize cr's as nl's on AppleTalk FrameDict /tmprangecheck errordict /rangecheck get put errordict /rangecheck {FrameDict /bug true put} put FrameDict /bug false put mark % Some PS machines read past the CR, so keep the following 3 lines together! currentfile 5 string readline 00 0000000000 cleartomark errordict /rangecheck FrameDict /tmprangecheck get put FrameDict /bug get { /readline { /gstring exch def /gfile exch def /gindex 0 def { gfile read pop dup 10 eq {exit} if dup 13 eq {exit} if gstring exch gindex exch put /gindex gindex 1 add def } loop pop gstring 0 gindex getinterval true } bind def } if /FMshowpage /showpage load def /FMquit /quit load def /FMFAILURE { dup = flush FMshowpage /Helvetica findfont 12 scalefont setfont 72 200 moveto show 72 220 moveto show FMshowpage FMquit } def /FMVERSION { FMversion ne { (Frame product version does not match ps_prolog! Check installation;) (also check ~/fminit and ./fminit for old versions) FMFAILURE } if } def /FMBADEPSF { (Adobe's PostScript Language Reference Manual, 2nd Edition, section H.2.4) (says your EPS file is not valid, as it calls X ) dup dup (X) search pop exch pop exch pop length 5 -1 roll putinterval FMFAILURE } def /fmConcatProcs { /proc2 exch cvlit def/proc1 exch cvlit def/newproc proc1 length proc2 length add array def newproc 0 proc1 putinterval newproc proc1 length proc2 putinterval newproc cvx }def FrameDict begin [ /ALDsave /FMdicttop /FMoptop /FMpointsize /FMsaveobject /b /bitmapsave /blut /bpside /bs /bstring /bwidth /c /cf /cs /cynu /depth /edown /fh /fillvals /fw /fx /fy /g /gfile /gindex /grnt /gryt /gstring /height /hh /i /im /indx /is /k /kk /landscape /lb /len /llx /lly /m /magu /manualfeed /n /offbits /onbits /organgle /orgbangle /orgbfreq /orgbproc /orgbxfer /orgfreq /orggangle /orggfreq /orggproc /orggxfer /orgmatrix /orgproc /orgrangle /orgrfreq /orgrproc /orgrxfer /orgxfer /pagesave /paperheight /papersizedict /paperwidth /pos /pwid /r /rad /redt /sl /str /tran /u /urx /ury /val /width /width /ws /ww /x /x1 /x2 /xindex /xpoint /xscale /xx /y /y1 /y2 /yelu /yindex /ypoint /yscale /yy ] { 0 def } forall /FmBD {bind def} bind def systemdict /pdfmark known { /fMAcrobat true def /FmPD /pdfmark load def /FmPT /show load def currentdistillerparams /CoreDistVersion get 2000 ge { /FmPD2 /pdfmark load def /FmPA { mark exch /Dest exch 5 3 roll /View [ /XYZ null 6 -2 roll FmDC exch pop null] /DEST FmPD }FmBD } { /FmPD2 /cleartomark load def /FmPA {pop pop pop}FmBD } ifelse } { /fMAcrobat false def /FmPD /cleartomark load def /FmPD2 /cleartomark load def /FmPT /pop load def /FmPA {pop pop pop}FmBD } ifelse /FmDC { transform fMDefaultMatrix itransform cvi exch cvi exch }FmBD /FmBx { dup 3 index lt {3 1 roll exch} if 1 index 4 index lt {4 -1 roll 3 1 roll exch 4 1 roll} if }FmBD /FMnone 0 def /FMcyan 1 def /FMmagenta 2 def /FMyellow 3 def /FMblack 4 def /FMcustom 5 def /fMNegative false def /FrameSepIs FMnone def /FrameSepBlack 0 def /FrameSepYellow 0 def /FrameSepMagenta 0 def /FrameSepCyan 0 def /FrameSepRed 1 def /FrameSepGreen 1 def /FrameSepBlue 1 def /FrameCurGray 1 def /FrameCurPat null def /FrameCurColors [ 0 0 0 1 0 0 0 ] def /FrameColorEpsilon .001 def /eqepsilon { sub dup 0 lt {neg} if FrameColorEpsilon le } bind def /FrameCmpColorsCMYK { 2 copy 0 get exch 0 get eqepsilon { 2 copy 1 get exch 1 get eqepsilon { 2 copy 2 get exch 2 get eqepsilon { 3 get exch 3 get eqepsilon } {pop pop false} ifelse }{pop pop false} ifelse } {pop pop false} ifelse } bind def /FrameCmpColorsRGB { 2 copy 4 get exch 0 get eqepsilon { 2 copy 5 get exch 1 get eqepsilon { 6 get exch 2 get eqepsilon }{pop pop false} ifelse } {pop pop false} ifelse } bind def /RGBtoCMYK { 1 exch sub 3 1 roll 1 exch sub 3 1 roll 1 exch sub 3 1 roll 3 copy 2 copy le { pop } { exch pop } ifelse 2 copy le { pop } { exch pop } ifelse dup dup dup 6 1 roll 4 1 roll 7 1 roll sub 6 1 roll sub 5 1 roll sub 4 1 roll } bind def /CMYKtoRGB { dup dup 4 -1 roll add 5 1 roll 3 -1 roll add 4 1 roll add 1 exch sub dup 0 lt {pop 0} if 3 1 roll 1 exch sub dup 0 lt {pop 0} if exch 1 exch sub dup 0 lt {pop 0} if exch } bind def /FrameSepInit { 1.0 RealSetgray } bind def /FrameSetSepColor { /FrameSepBlue exch def /FrameSepGreen exch def /FrameSepRed exch def /FrameSepBlack exch def /FrameSepYellow exch def /FrameSepMagenta exch def /FrameSepCyan exch def /FrameSepIs FMcustom def setCurrentScreen } bind def /FrameSetCyan { /FrameSepBlue 1.0 def /FrameSepGreen 1.0 def /FrameSepRed 0.0 def /FrameSepBlack 0.0 def /FrameSepYellow 0.0 def /FrameSepMagenta 0.0 def /FrameSepCyan 1.0 def /FrameSepIs FMcyan def setCurrentScreen } bind def /FrameSetMagenta { /FrameSepBlue 1.0 def /FrameSepGreen 0.0 def /FrameSepRed 1.0 def /FrameSepBlack 0.0 def /FrameSepYellow 0.0 def /FrameSepMagenta 1.0 def /FrameSepCyan 0.0 def /FrameSepIs FMmagenta def setCurrentScreen } bind def /FrameSetYellow { /FrameSepBlue 0.0 def /FrameSepGreen 1.0 def /FrameSepRed 1.0 def /FrameSepBlack 0.0 def /FrameSepYellow 1.0 def /FrameSepMagenta 0.0 def /FrameSepCyan 0.0 def /FrameSepIs FMyellow def setCurrentScreen } bind def /FrameSetBlack { /FrameSepBlue 0.0 def /FrameSepGreen 0.0 def /FrameSepRed 0.0 def /FrameSepBlack 1.0 def /FrameSepYellow 0.0 def /FrameSepMagenta 0.0 def /FrameSepCyan 0.0 def /FrameSepIs FMblack def setCurrentScreen } bind def /FrameNoSep { /FrameSepIs FMnone def setCurrentScreen } bind def /FrameSetSepColors { FrameDict begin [ exch 1 add 1 roll ] /FrameSepColors exch def end } bind def /FrameColorInSepListCMYK { FrameSepColors { exch dup 3 -1 roll FrameCmpColorsCMYK { pop true exit } if } forall dup true ne {pop false} if } bind def /FrameColorInSepListRGB { FrameSepColors { exch dup 3 -1 roll FrameCmpColorsRGB { pop true exit } if } forall dup true ne {pop false} if } bind def /RealSetgray /setgray load def /RealSetrgbcolor /setrgbcolor load def /RealSethsbcolor /sethsbcolor load def end /setgray { FrameDict begin FrameSepIs FMnone eq { RealSetgray } { FrameSepIs FMblack eq { RealSetgray } { FrameSepIs FMcustom eq FrameSepRed 0 eq and FrameSepGreen 0 eq and FrameSepBlue 0 eq and { RealSetgray } { 1 RealSetgray pop } ifelse } ifelse } ifelse end } bind def /setrgbcolor { FrameDict begin FrameSepIs FMnone eq { RealSetrgbcolor } { 3 copy [ 4 1 roll ] FrameColorInSepListRGB { FrameSepBlue eq exch FrameSepGreen eq and exch FrameSepRed eq and { 0 } { 1 } ifelse } { FMPColor { RealSetrgbcolor currentcmykcolor } { RGBtoCMYK } ifelse FrameSepIs FMblack eq {1.0 exch sub 4 1 roll pop pop pop} { FrameSepIs FMyellow eq {pop 1.0 exch sub 3 1 roll pop pop} { FrameSepIs FMmagenta eq {pop pop 1.0 exch sub exch pop } { FrameSepIs FMcyan eq {pop pop pop 1.0 exch sub } {pop pop pop pop 1} ifelse } ifelse } ifelse } ifelse } ifelse RealSetgray } ifelse end } bind def /sethsbcolor { FrameDict begin FrameSepIs FMnone eq { RealSethsbcolor } { RealSethsbcolor currentrgbcolor setrgbcolor } ifelse end } bind def FrameDict begin /setcmykcolor where { pop /RealSetcmykcolor /setcmykcolor load def } { /RealSetcmykcolor { 4 1 roll 3 { 3 index add 0 max 1 min 1 exch sub 3 1 roll} repeat RealSetrgbcolor pop } bind def } ifelse userdict /setcmykcolor { FrameDict begin FrameSepIs FMnone eq { RealSetcmykcolor } { 4 copy [ 5 1 roll ] FrameColorInSepListCMYK { FrameSepBlack eq exch FrameSepYellow eq and exch FrameSepMagenta eq and exch FrameSepCyan eq and { 0 } { 1 } ifelse } { FrameSepIs FMblack eq {1.0 exch sub 4 1 roll pop pop pop} { FrameSepIs FMyellow eq {pop 1.0 exch sub 3 1 roll pop pop} { FrameSepIs FMmagenta eq {pop pop 1.0 exch sub exch pop } { FrameSepIs FMcyan eq {pop pop pop 1.0 exch sub } {pop pop pop pop 1} ifelse } ifelse } ifelse } ifelse } ifelse RealSetgray } ifelse end } bind put fMLevel1 { /patScreenDict 7 dict dup begin <0f1e3c78f0e1c387> [ 45 { pop } {exch pop} .5 2 sqrt] FmBD <0f87c3e1f0783c1e> [ 135 { pop } {exch pop} .5 2 sqrt] FmBD [ 0 { pop } dup .5 2 ] FmBD [ 90 { pop } dup .5 2 ] FmBD <8142241818244281> [ 45 { 2 copy lt {exch} if pop} dup .75 2 sqrt] FmBD <03060c183060c081> [ 45 { pop } {exch pop} .875 2 sqrt] FmBD <8040201008040201> [ 135 { pop } {exch pop} .875 2 sqrt] FmBD end def } { /patProcDict 5 dict dup begin <0f1e3c78f0e1c387> { 3 setlinewidth -1 -1 moveto 9 9 lineto stroke 4 -4 moveto 12 4 lineto stroke -4 4 moveto 4 12 lineto stroke} bind def <0f87c3e1f0783c1e> { 3 setlinewidth -1 9 moveto 9 -1 lineto stroke -4 4 moveto 4 -4 lineto stroke 4 12 moveto 12 4 lineto stroke} bind def <8142241818244281> { 1 setlinewidth -1 9 moveto 9 -1 lineto stroke -1 -1 moveto 9 9 lineto stroke } bind def <03060c183060c081> { 1 setlinewidth -1 -1 moveto 9 9 lineto stroke 4 -4 moveto 12 4 lineto stroke -4 4 moveto 4 12 lineto stroke} bind def <8040201008040201> { 1 setlinewidth -1 9 moveto 9 -1 lineto stroke -4 4 moveto 4 -4 lineto stroke 4 12 moveto 12 4 lineto stroke} bind def end def /patDict 15 dict dup begin /PatternType 1 def /PaintType 2 def /TilingType 3 def /BBox [ 0 0 8 8 ] def /XStep 8 def /YStep 8 def /PaintProc { begin patProcDict bstring known { patProcDict bstring get exec } { 8 8 true [1 0 0 -1 0 8] bstring imagemask } ifelse end } bind def end def } ifelse /combineColor { FrameSepIs FMnone eq { graymode fMLevel1 or not { [/Pattern [/DeviceCMYK]] setcolorspace FrameCurColors 0 4 getinterval aload pop FrameCurPat setcolor } { FrameCurColors 3 get 1.0 ge { FrameCurGray RealSetgray } { fMAcrobat not FMPColor graymode and and { 0 1 3 { FrameCurColors exch get 1 FrameCurGray sub mul } for RealSetcmykcolor } { 4 1 6 { FrameCurColors exch get graymode { 1 exch sub 1 FrameCurGray sub mul 1 exch sub } { 1.0 lt {FrameCurGray} {1} ifelse } ifelse } for RealSetrgbcolor } ifelse } ifelse } ifelse } { FrameCurColors 0 4 getinterval aload FrameColorInSepListCMYK { FrameSepBlack eq exch FrameSepYellow eq and exch FrameSepMagenta eq and exch FrameSepCyan eq and FrameSepIs FMcustom eq and { FrameCurGray } { 1 } ifelse } { FrameSepIs FMblack eq {FrameCurGray 1.0 exch sub mul 1.0 exch sub 4 1 roll pop pop pop} { FrameSepIs FMyellow eq {pop FrameCurGray 1.0 exch sub mul 1.0 exch sub 3 1 roll pop pop} { FrameSepIs FMmagenta eq {pop pop FrameCurGray 1.0 exch sub mul 1.0 exch sub exch pop } { FrameSepIs FMcyan eq {pop pop pop FrameCurGray 1.0 exch sub mul 1.0 exch sub } {pop pop pop pop 1} ifelse } ifelse } ifelse } ifelse } ifelse graymode fMLevel1 or not { [/Pattern [/DeviceGray]] setcolorspace FrameCurPat setcolor } { graymode not fMLevel1 and { dup 1 lt {pop FrameCurGray} if } if RealSetgray } ifelse } ifelse } bind def /savematrix { orgmatrix currentmatrix pop } bind def /restorematrix { orgmatrix setmatrix } bind def /fMDefaultMatrix matrix defaultmatrix def /fMatrix2 matrix def /dpi 72 0 fMDefaultMatrix dtransform dup mul exch dup mul add sqrt def /freq dpi dup 72 div round dup 0 eq {pop 1} if 8 mul div def /sangle 1 0 fMDefaultMatrix dtransform exch atan def sangle fMatrix2 rotate fMDefaultMatrix fMatrix2 concatmatrix dup 0 get /sflipx exch def 3 get /sflipy exch def /screenIndex { 0 1 dpiranges length 1 sub { dup dpiranges exch get 1 sub dpi le {exit} {pop} ifelse } for } bind def /getCyanScreen { FMUseHighFrequencyScreens { CHighAngles CMHighFreqs} {CLowAngles CMLowFreqs} ifelse screenIndex dup 3 1 roll get 3 1 roll get /FMSpotFunction load } bind def /getMagentaScreen { FMUseHighFrequencyScreens { MHighAngles CMHighFreqs } {MLowAngles CMLowFreqs} ifelse screenIndex dup 3 1 roll get 3 1 roll get /FMSpotFunction load } bind def /getYellowScreen { FMUseHighFrequencyScreens { YHighTDot YHighFreqs} { YLowTDot YLowFreqs } ifelse screenIndex dup 3 1 roll get 3 1 roll get { 3 div {2 { 1 add 2 div 3 mul dup floor sub 2 mul 1 sub exch} repeat FMSpotFunction } } {/FMSpotFunction load } ifelse 0.0 exch } bind def /getBlackScreen { FMUseHighFrequencyScreens { KHighFreqs } { KLowFreqs } ifelse screenIndex get 45.0 /FMSpotFunction load } bind def /getSpotScreen { getBlackScreen } bind def /getCompositeScreen { getBlackScreen } bind def /FMSetScreen fMLevel1 { /setscreen load }{ { 8 dict begin /HalftoneType 1 def /SpotFunction exch def /Angle exch def /Frequency exch def /AccurateScreens FMUseAcccurateScreens def currentdict end sethalftone } bind } ifelse def /setDefaultScreen { FMPColor { orgrxfer cvx orggxfer cvx orgbxfer cvx orgxfer cvx setcolortransfer } { orgxfer cvx settransfer } ifelse orgfreq organgle orgproc cvx setscreen } bind def /setCurrentScreen { FrameSepIs FMnone eq { FMUseDefaultNoSeparationScreen { setDefaultScreen } { getCompositeScreen FMSetScreen } ifelse } { FrameSepIs FMcustom eq { FMUseDefaultSpotSeparationScreen { setDefaultScreen } { getSpotScreen FMSetScreen } ifelse } { FMUseDefaultProcessSeparationScreen { setDefaultScreen } { FrameSepIs FMcyan eq { getCyanScreen FMSetScreen } { FrameSepIs FMmagenta eq { getMagentaScreen FMSetScreen } { FrameSepIs FMyellow eq { getYellowScreen FMSetScreen } { getBlackScreen FMSetScreen } ifelse } ifelse } ifelse } ifelse } ifelse } ifelse } bind def end /FMDOCUMENT { array /FMfonts exch def /#copies exch def FrameDict begin 0 ne /manualfeed exch def /paperheight exch def /paperwidth exch def 0 ne /fMNegative exch def 0 ne /edown exch def /yscale exch def /xscale exch def fMLevel1 { manualfeed {setmanualfeed} if /FMdicttop countdictstack 1 add def /FMoptop count def setpapername manualfeed {true} {papersize} ifelse {manualpapersize} {false} ifelse {desperatepapersize} {false} ifelse {papersizefailure} if count -1 FMoptop {pop pop} for countdictstack -1 FMdicttop {pop end} for } {2 dict dup /PageSize [paperwidth paperheight] put manualfeed {dup /ManualFeed manualfeed put} if {setpagedevice} stopped {papersizefailure} if } ifelse FMPColor { currentcolorscreen cvlit /orgproc exch def /organgle exch def /orgfreq exch def cvlit /orgbproc exch def /orgbangle exch def /orgbfreq exch def cvlit /orggproc exch def /orggangle exch def /orggfreq exch def cvlit /orgrproc exch def /orgrangle exch def /orgrfreq exch def currentcolortransfer fMNegative { 1 1 4 { pop { 1 exch sub } fmConcatProcs 4 1 roll } for 4 copy setcolortransfer } if cvlit /orgxfer exch def cvlit /orgbxfer exch def cvlit /orggxfer exch def cvlit /orgrxfer exch def } { currentscreen cvlit /orgproc exch def /organgle exch def /orgfreq exch def currenttransfer fMNegative { { 1 exch sub } fmConcatProcs dup settransfer } if cvlit /orgxfer exch def } ifelse end } def /FMBEGINPAGE { FrameDict begin /pagesave save def 3.86 setmiterlimit /landscape exch 0 ne def landscape { 90 rotate 0 exch dup /pwid exch def neg translate pop }{ pop /pwid exch def } ifelse edown { [-1 0 0 1 pwid 0] concat } if 0 0 moveto paperwidth 0 lineto paperwidth paperheight lineto 0 paperheight lineto 0 0 lineto 1 setgray fill xscale yscale scale /orgmatrix matrix def gsave } def /FMENDPAGE { grestore pagesave restore end showpage } def /FMFONTDEFINE { FrameDict begin findfont ReEncode 1 index exch definefont FMfonts 3 1 roll put end } def /FMFILLS { FrameDict begin dup array /fillvals exch def dict /patCache exch def end } def /FMFILL { FrameDict begin fillvals 3 1 roll put end } def /FMNORMALIZEGRAPHICS { newpath 1 setlinewidth 0 setlinecap 0 0 0 sethsbcolor 0 setgray } bind def /FMBEGINEPSF { end /FMEPSF save def /showpage {} def % See Adobe's "PostScript Language Reference Manual, 2nd Edition", page 714. % "...the following operators MUST NOT be used in an EPS file:" (emphasis ours) /banddevice {(banddevice) FMBADEPSF} def /clear {(clear) FMBADEPSF} def /cleardictstack {(cleardictstack) FMBADEPSF} def /copypage {(copypage) FMBADEPSF} def /erasepage {(erasepage) FMBADEPSF} def /exitserver {(exitserver) FMBADEPSF} def /framedevice {(framedevice) FMBADEPSF} def /grestoreall {(grestoreall) FMBADEPSF} def /initclip {(initclip) FMBADEPSF} def /initgraphics {(initgraphics) FMBADEPSF} def /quit {(quit) FMBADEPSF} def /renderbands {(renderbands) FMBADEPSF} def /setglobal {(setglobal) FMBADEPSF} def /setpagedevice {(setpagedevice) FMBADEPSF} def /setshared {(setshared) FMBADEPSF} def /startjob {(startjob) FMBADEPSF} def /lettertray {(lettertray) FMBADEPSF} def /letter {(letter) FMBADEPSF} def /lettersmall {(lettersmall) FMBADEPSF} def /11x17tray {(11x17tray) FMBADEPSF} def /11x17 {(11x17) FMBADEPSF} def /ledgertray {(ledgertray) FMBADEPSF} def /ledger {(ledger) FMBADEPSF} def /legaltray {(legaltray) FMBADEPSF} def /legal {(legal) FMBADEPSF} def /statementtray {(statementtray) FMBADEPSF} def /statement {(statement) FMBADEPSF} def /executivetray {(executivetray) FMBADEPSF} def /executive {(executive) FMBADEPSF} def /a3tray {(a3tray) FMBADEPSF} def /a3 {(a3) FMBADEPSF} def /a4tray {(a4tray) FMBADEPSF} def /a4 {(a4) FMBADEPSF} def /a4small {(a4small) FMBADEPSF} def /b4tray {(b4tray) FMBADEPSF} def /b4 {(b4) FMBADEPSF} def /b5tray {(b5tray) FMBADEPSF} def /b5 {(b5) FMBADEPSF} def FMNORMALIZEGRAPHICS [/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall fx fw 2 div add fy fh 2 div add translate rotate fw 2 div neg fh 2 div neg translate fw urx llx sub div fh ury lly sub div scale llx neg lly neg translate /FMdicttop countdictstack 1 add def /FMoptop count def } bind def /FMENDEPSF { count -1 FMoptop {pop pop} for countdictstack -1 FMdicttop {pop end} for FMEPSF restore FrameDict begin } bind def FrameDict begin /setmanualfeed { %%BeginFeature *ManualFeed True statusdict /manualfeed true put %%EndFeature } bind def /max {2 copy lt {exch} if pop} bind def /min {2 copy gt {exch} if pop} bind def /inch {72 mul} def /pagedimen { paperheight sub abs 16 lt exch paperwidth sub abs 16 lt and {/papername exch def} {pop} ifelse } bind def /setpapername { /papersizedict 14 dict def papersizedict begin /papername /unknown def /Letter 8.5 inch 11.0 inch pagedimen /LetterSmall 7.68 inch 10.16 inch pagedimen /Tabloid 11.0 inch 17.0 inch pagedimen /Ledger 17.0 inch 11.0 inch pagedimen /Legal 8.5 inch 14.0 inch pagedimen /Statement 5.5 inch 8.5 inch pagedimen /Executive 7.5 inch 10.0 inch pagedimen /A3 11.69 inch 16.5 inch pagedimen /A4 8.26 inch 11.69 inch pagedimen /A4Small 7.47 inch 10.85 inch pagedimen /B4 10.125 inch 14.33 inch pagedimen /B5 7.16 inch 10.125 inch pagedimen end } bind def /papersize { papersizedict begin /Letter {lettertray letter} def /LetterSmall {lettertray lettersmall} def /Tabloid {11x17tray 11x17} def /Ledger {ledgertray ledger} def /Legal {legaltray legal} def /Statement {statementtray statement} def /Executive {executivetray executive} def /A3 {a3tray a3} def /A4 {a4tray a4} def /A4Small {a4tray a4small} def /B4 {b4tray b4} def /B5 {b5tray b5} def /unknown {unknown} def papersizedict dup papername known {papername} {/unknown} ifelse get end statusdict begin stopped end } bind def /manualpapersize { papersizedict begin /Letter {letter} def /LetterSmall {lettersmall} def /Tabloid {11x17} def /Ledger {ledger} def /Legal {legal} def /Statement {statement} def /Executive {executive} def /A3 {a3} def /A4 {a4} def /A4Small {a4small} def /B4 {b4} def /B5 {b5} def /unknown {unknown} def papersizedict dup papername known {papername} {/unknown} ifelse get end stopped } bind def /desperatepapersize { statusdict /setpageparams known { paperwidth paperheight 0 1 statusdict begin {setpageparams} stopped end } {true} ifelse } bind def /papersizefailure { FMAllowPaperSizeMismatch not { (The requested paper size is not available in any currently-installed tray) (Edit the PS file to "FMAllowPaperSizeMismatch true" to use default tray) FMFAILURE } if } def /DiacriticEncoding [ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quotesingle /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one /two /three /four /five /six /seven /eight /nine /colon /semicolon /less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute /Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis /atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis /iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve /ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex /udieresis /dagger /.notdef /cent /sterling /section /bullet /paragraph /germandbls /registered /copyright /trademark /acute /dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef /yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown /exclamdown /logicalnot /.notdef /florin /.notdef /.notdef /guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde /Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright /quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis /fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl /periodcentered /quotesinglbase /quotedblbase /perthousand /Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute /Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve /Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron /breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron ] def /ReEncode { dup length dict begin { 1 index /FID ne {def} {pop pop} ifelse } forall 0 eq {/Encoding DiacriticEncoding def} if currentdict end } bind def FMPColor { /BEGINBITMAPCOLOR { BITMAPCOLOR} def /BEGINBITMAPCOLORc { BITMAPCOLORc} def /BEGINBITMAPTRUECOLOR { BITMAPTRUECOLOR } def /BEGINBITMAPTRUECOLORc { BITMAPTRUECOLORc } def /BEGINBITMAPCMYK { BITMAPCMYK } def /BEGINBITMAPCMYKc { BITMAPCMYKc } def } { /BEGINBITMAPCOLOR { BITMAPGRAY} def /BEGINBITMAPCOLORc { BITMAPGRAYc} def /BEGINBITMAPTRUECOLOR { BITMAPTRUEGRAY } def /BEGINBITMAPTRUECOLORc { BITMAPTRUEGRAYc } def /BEGINBITMAPCMYK { BITMAPCMYKGRAY } def /BEGINBITMAPCMYKc { BITMAPCMYKGRAYc } def } ifelse /K { FMPrintAllColorsAsBlack { dup 1 eq 2 index 1 eq and 3 index 1 eq and not {7 {pop} repeat 0 0 0 1 0 0 0} if } if FrameCurColors astore pop combineColor } bind def /graymode true def fMLevel1 { /fmGetFlip { fMatrix2 exch get mul 0 lt { -1 } { 1 } ifelse } FmBD } if /setPatternMode { fMLevel1 { 2 index patScreenDict exch known { pop pop patScreenDict exch get aload pop freq mul 5 2 roll fMatrix2 currentmatrix 1 get 0 ne { 3 -1 roll 90 add 3 1 roll sflipx 1 fmGetFlip sflipy 2 fmGetFlip neg mul } { sflipx 0 fmGetFlip sflipy 3 fmGetFlip mul } ifelse 0 lt {exch pop} {pop} ifelse fMNegative { {neg} fmConcatProcs } if bind systemdict /setscreen get exec /FrameCurGray exch def } { /bwidth exch def /bpside exch def /bstring exch def /onbits 0 def /offbits 0 def freq sangle landscape {90 add} if {/ypoint exch def /xpoint exch def /xindex xpoint 1 add 2 div bpside mul cvi def /yindex ypoint 1 add 2 div bpside mul cvi def bstring yindex bwidth mul xindex 8 idiv add get 1 7 xindex 8 mod sub bitshift and 0 ne fMNegative {not} if {/onbits onbits 1 add def 1} {/offbits offbits 1 add def 0} ifelse } setscreen offbits offbits onbits add div fMNegative {1.0 exch sub} if /FrameCurGray exch def } ifelse } { pop pop dup patCache exch known { patCache exch get } { dup patDict /bstring 3 -1 roll put patDict 9 PatFreq screenIndex get div dup matrix scale makepattern dup patCache 4 -1 roll 3 -1 roll put } ifelse /FrameCurGray 0 def /FrameCurPat exch def } ifelse /graymode false def combineColor } bind def /setGrayScaleMode { graymode not { /graymode true def fMLevel1 { setCurrentScreen } if } if /FrameCurGray exch def combineColor } bind def /normalize { transform round exch round exch itransform } bind def /dnormalize { dtransform round exch round exch idtransform } bind def /lnormalize { 0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop } bind def /H { lnormalize setlinewidth } bind def /Z { setlinecap } bind def /PFill { graymode fMLevel1 or not { gsave 1 setgray eofill grestore } if } bind def /PStroke { graymode fMLevel1 or not { gsave 1 setgray stroke grestore } if stroke } bind def /X { fillvals exch get dup type /stringtype eq {8 1 setPatternMode} {setGrayScaleMode} ifelse } bind def /V { PFill gsave eofill grestore } bind def /Vclip { clip } bind def /Vstrk { currentlinewidth exch setlinewidth PStroke setlinewidth } bind def /N { PStroke } bind def /Nclip { strokepath clip newpath } bind def /Nstrk { currentlinewidth exch setlinewidth PStroke setlinewidth } bind def /M {newpath moveto} bind def /E {lineto} bind def /D {curveto} bind def /O {closepath} bind def /L { /n exch def newpath normalize moveto 2 1 n {pop normalize lineto} for } bind def /Y { L closepath } bind def /R { /y2 exch def /x2 exch def /y1 exch def /x1 exch def x1 y1 x2 y1 x2 y2 x1 y2 4 Y } bind def /rarc {rad arcto } bind def /RR { /rad exch def normalize /y2 exch def /x2 exch def normalize /y1 exch def /x1 exch def mark newpath { x1 y1 rad add moveto x1 y2 x2 y2 rarc x2 y2 x2 y1 rarc x2 y1 x1 y1 rarc x1 y1 x1 y2 rarc closepath } stopped {x1 y1 x2 y2 R} if cleartomark } bind def /RRR { /rad exch def normalize /y4 exch def /x4 exch def normalize /y3 exch def /x3 exch def normalize /y2 exch def /x2 exch def normalize /y1 exch def /x1 exch def newpath normalize moveto mark { x2 y2 x3 y3 rarc x3 y3 x4 y4 rarc x4 y4 x1 y1 rarc x1 y1 x2 y2 rarc closepath } stopped {x1 y1 x2 y2 x3 y3 x4 y4 newpath moveto lineto lineto lineto closepath} if cleartomark } bind def /C { grestore gsave R clip setCurrentScreen } bind def /CP { grestore gsave Y clip setCurrentScreen } bind def /F { FMfonts exch get FMpointsize scalefont setfont } bind def /Q { /FMpointsize exch def F } bind def /T { moveto show } bind def /RF { rotate 0 ne {-1 1 scale} if } bind def /TF { gsave moveto RF show grestore } bind def /P { moveto 0 32 3 2 roll widthshow } bind def /PF { gsave moveto RF 0 32 3 2 roll widthshow grestore } bind def /S { moveto 0 exch ashow } bind def /SF { gsave moveto RF 0 exch ashow grestore } bind def /B { moveto 0 32 4 2 roll 0 exch awidthshow } bind def /BF { gsave moveto RF 0 32 4 2 roll 0 exch awidthshow grestore } bind def /G { gsave newpath normalize translate 0.0 0.0 moveto dnormalize scale 0.0 0.0 1.0 5 3 roll arc closepath PFill fill grestore } bind def /Gstrk { savematrix newpath 2 index 2 div add exch 3 index 2 div sub exch normalize 2 index 2 div sub exch 3 index 2 div add exch translate scale 0.0 0.0 1.0 5 3 roll arc restorematrix currentlinewidth exch setlinewidth PStroke setlinewidth } bind def /Gclip { newpath savematrix normalize translate 0.0 0.0 moveto dnormalize scale 0.0 0.0 1.0 5 3 roll arc closepath clip newpath restorematrix } bind def /GG { gsave newpath normalize translate 0.0 0.0 moveto rotate dnormalize scale 0.0 0.0 1.0 5 3 roll arc closepath PFill fill grestore } bind def /GGclip { savematrix newpath normalize translate 0.0 0.0 moveto rotate dnormalize scale 0.0 0.0 1.0 5 3 roll arc closepath clip newpath restorematrix } bind def /GGstrk { savematrix newpath normalize translate 0.0 0.0 moveto rotate dnormalize scale 0.0 0.0 1.0 5 3 roll arc closepath restorematrix currentlinewidth exch setlinewidth PStroke setlinewidth } bind def /A { gsave savematrix newpath 2 index 2 div add exch 3 index 2 div sub exch normalize 2 index 2 div sub exch 3 index 2 div add exch translate scale 0.0 0.0 1.0 5 3 roll arc restorematrix PStroke grestore } bind def /Aclip { newpath savematrix normalize translate 0.0 0.0 moveto dnormalize scale 0.0 0.0 1.0 5 3 roll arc closepath strokepath clip newpath restorematrix } bind def /Astrk { Gstrk } bind def /AA { gsave savematrix newpath 3 index 2 div add exch 4 index 2 div sub exch normalize 3 index 2 div sub exch 4 index 2 div add exch translate rotate scale 0.0 0.0 1.0 5 3 roll arc restorematrix PStroke grestore } bind def /AAclip { savematrix newpath normalize translate 0.0 0.0 moveto rotate dnormalize scale 0.0 0.0 1.0 5 3 roll arc closepath strokepath clip newpath restorematrix } bind def /AAstrk { GGstrk } bind def /BEGINPRINTCODE { /FMdicttop countdictstack 1 add def /FMoptop count 7 sub def /FMsaveobject save def userdict begin /showpage {} def FMNORMALIZEGRAPHICS 3 index neg 3 index neg translate } bind def /ENDPRINTCODE { count -1 FMoptop {pop pop} for countdictstack -1 FMdicttop {pop end} for FMsaveobject restore } bind def /gn { 0 { 46 mul cf read pop 32 sub dup 46 lt {exit} if 46 sub add } loop add } bind def /cfs { /str sl string def 0 1 sl 1 sub {str exch val put} for str def } bind def /ic [ 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223 0 {0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx} {10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx} {19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12} {13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh} {4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh} {13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl} {7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl} {0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl} {10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl} ] def /ms { /sl exch def /val 255 def /ws cfs /im cfs /val 0 def /bs cfs /cs cfs } bind def 400 ms /ip { is 0 cf cs readline pop { ic exch get exec add } forall pop } bind def /rip { bis ris copy pop is 0 cf cs readline pop { ic exch get exec add } forall pop pop ris gis copy pop dup is exch cf cs readline pop { ic exch get exec add } forall pop pop gis bis copy pop dup add is exch cf cs readline pop { ic exch get exec add } forall pop } bind def /rip4 { kis cis copy pop is 0 cf cs readline pop { ic exch get exec add } forall pop pop cis mis copy pop dup is exch cf cs readline pop { ic exch get exec add } forall pop pop mis yis copy pop dup dup add is exch cf cs readline pop { ic exch get exec add } forall pop pop yis kis copy pop 3 mul is exch cf cs readline pop { ic exch get exec add } forall pop } bind def /wh { /len exch def /pos exch def ws 0 len getinterval im pos len getinterval copy pop pos len } bind def /bl { /len exch def /pos exch def bs 0 len getinterval im pos len getinterval copy pop pos len } bind def /s1 1 string def /fl { /len exch def /pos exch def /val cf s1 readhexstring pop 0 get def pos 1 pos len add 1 sub {im exch val put} for pos len } bind def /hx { 3 copy getinterval cf exch readhexstring pop pop } bind def /wbytes { dup dup 8 gt { pop 8 idiv mul } { 8 eq {pop} {1 eq {7 add 8 idiv} {3 add 4 idiv} ifelse} ifelse } ifelse } bind def /BEGINBITMAPBWc { 1 {} COMMONBITMAPc } bind def /BEGINBITMAPGRAYc { 8 {} COMMONBITMAPc } bind def /BEGINBITMAP2BITc { 2 {} COMMONBITMAPc } bind def /COMMONBITMAPc { /cvtProc exch def /depth exch def gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /lb width depth wbytes def sl lb lt {lb ms} if /bitmapsave save def cvtProc /is im 0 lb getinterval def ws 0 lb getinterval is copy pop /cf currentfile def width height depth [width 0 0 height neg 0 height] {ip} image bitmapsave restore grestore } bind def /BEGINBITMAPBW { 1 {} COMMONBITMAP } bind def /BEGINBITMAPGRAY { 8 {} COMMONBITMAP } bind def /BEGINBITMAP2BIT { 2 {} COMMONBITMAP } bind def /COMMONBITMAP { /cvtProc exch def /depth exch def gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /bitmapsave save def cvtProc /is width depth wbytes string def /cf currentfile def width height depth [width 0 0 height neg 0 height] {cf is readhexstring pop} image bitmapsave restore grestore } bind def /ngrayt 256 array def /nredt 256 array def /nbluet 256 array def /ngreent 256 array def fMLevel1 { /colorsetup { currentcolortransfer /gryt exch def /blut exch def /grnt exch def /redt exch def 0 1 255 { /indx exch def /cynu 1 red indx get 255 div sub def /magu 1 green indx get 255 div sub def /yelu 1 blue indx get 255 div sub def /kk cynu magu min yelu min def /u kk currentundercolorremoval exec def % /u 0 def nredt indx 1 0 cynu u sub max sub redt exec put ngreent indx 1 0 magu u sub max sub grnt exec put nbluet indx 1 0 yelu u sub max sub blut exec put ngrayt indx 1 kk currentblackgeneration exec sub gryt exec put } for {255 mul cvi nredt exch get} {255 mul cvi ngreent exch get} {255 mul cvi nbluet exch get} {255 mul cvi ngrayt exch get} setcolortransfer {pop 0} setundercolorremoval {} setblackgeneration } bind def } { /colorSetup2 { [ /Indexed /DeviceRGB 255 {dup red exch get 255 div exch dup green exch get 255 div exch blue exch get 255 div} ] setcolorspace } bind def } ifelse /fakecolorsetup { /tran 256 string def 0 1 255 {/indx exch def tran indx red indx get 77 mul green indx get 151 mul blue indx get 28 mul add add 256 idiv put} for currenttransfer {255 mul cvi tran exch get 255.0 div} exch fmConcatProcs settransfer } bind def /BITMAPCOLOR { /depth 8 def gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /bitmapsave save def fMLevel1 { colorsetup /is width depth wbytes string def /cf currentfile def width height depth [width 0 0 height neg 0 height] {cf is readhexstring pop} {is} {is} true 3 colorimage } { colorSetup2 /is width depth wbytes string def /cf currentfile def 7 dict dup begin /ImageType 1 def /Width width def /Height height def /ImageMatrix [width 0 0 height neg 0 height] def /DataSource {cf is readhexstring pop} bind def /BitsPerComponent depth def /Decode [0 255] def end image } ifelse bitmapsave restore grestore } bind def /BITMAPCOLORc { /depth 8 def gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /lb width depth wbytes def sl lb lt {lb ms} if /bitmapsave save def fMLevel1 { colorsetup /is im 0 lb getinterval def ws 0 lb getinterval is copy pop /cf currentfile def width height depth [width 0 0 height neg 0 height] {ip} {is} {is} true 3 colorimage } { colorSetup2 /is im 0 lb getinterval def ws 0 lb getinterval is copy pop /cf currentfile def 7 dict dup begin /ImageType 1 def /Width width def /Height height def /ImageMatrix [width 0 0 height neg 0 height] def /DataSource {ip} bind def /BitsPerComponent depth def /Decode [0 255] def end image } ifelse bitmapsave restore grestore } bind def /BITMAPTRUECOLORc { /depth 24 def gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /lb width depth wbytes def sl lb lt {lb ms} if /bitmapsave save def /is im 0 lb getinterval def /ris im 0 width getinterval def /gis im width width getinterval def /bis im width 2 mul width getinterval def ws 0 lb getinterval is copy pop /cf currentfile def width height 8 [width 0 0 height neg 0 height] {width rip pop ris} {gis} {bis} true 3 colorimage bitmapsave restore grestore } bind def /BITMAPCMYKc { /depth 32 def gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /lb width depth wbytes def sl lb lt {lb ms} if /bitmapsave save def /is im 0 lb getinterval def /cis im 0 width getinterval def /mis im width width getinterval def /yis im width 2 mul width getinterval def /kis im width 3 mul width getinterval def ws 0 lb getinterval is copy pop /cf currentfile def width height 8 [width 0 0 height neg 0 height] {width rip4 pop cis} {mis} {yis} {kis} true 4 colorimage bitmapsave restore grestore } bind def /BITMAPTRUECOLOR { gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /bitmapsave save def /is width string def /gis width string def /bis width string def /cf currentfile def width height 8 [width 0 0 height neg 0 height] { cf is readhexstring pop } { cf gis readhexstring pop } { cf bis readhexstring pop } true 3 colorimage bitmapsave restore grestore } bind def /BITMAPCMYK { gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /bitmapsave save def /is width string def /mis width string def /yis width string def /kis width string def /cf currentfile def width height 8 [width 0 0 height neg 0 height] { cf is readhexstring pop } { cf mis readhexstring pop } { cf yis readhexstring pop } { cf kis readhexstring pop } true 4 colorimage bitmapsave restore grestore } bind def /BITMAPTRUEGRAYc { /depth 24 def gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /lb width depth wbytes def sl lb lt {lb ms} if /bitmapsave save def /is im 0 lb getinterval def /ris im 0 width getinterval def /gis im width width getinterval def /bis im width 2 mul width getinterval def ws 0 lb getinterval is copy pop /cf currentfile def width height 8 [width 0 0 height neg 0 height] {width rip pop ris gis bis width gray} image bitmapsave restore grestore } bind def /BITMAPCMYKGRAYc { /depth 32 def gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /lb width depth wbytes def sl lb lt {lb ms} if /bitmapsave save def /is im 0 lb getinterval def /cis im 0 width getinterval def /mis im width width getinterval def /yis im width 2 mul width getinterval def /kis im width 3 mul width getinterval def ws 0 lb getinterval is copy pop /cf currentfile def width height 8 [width 0 0 height neg 0 height] {width rip pop cis mis yis kis width cgray} image bitmapsave restore grestore } bind def /cgray { /ww exch def /k exch def /y exch def /m exch def /c exch def 0 1 ww 1 sub { /i exch def c i get m i get y i get k i get CMYKtoRGB .144 mul 3 1 roll .587 mul 3 1 roll .299 mul add add c i 3 -1 roll floor cvi put } for c } bind def /gray { /ww exch def /b exch def /g exch def /r exch def 0 1 ww 1 sub { /i exch def r i get .299 mul g i get .587 mul b i get .114 mul add add r i 3 -1 roll floor cvi put } for r } bind def /BITMAPTRUEGRAY { gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /bitmapsave save def /is width string def /gis width string def /bis width string def /cf currentfile def width height 8 [width 0 0 height neg 0 height] { cf is readhexstring pop cf gis readhexstring pop cf bis readhexstring pop width gray} image bitmapsave restore grestore } bind def /BITMAPCMYKGRAY { gsave 3 index 2 div add exch 4 index 2 div add exch translate rotate 1 index 2 div neg 1 index 2 div neg translate scale /height exch def /width exch def /bitmapsave save def /is width string def /yis width string def /mis width string def /kis width string def /cf currentfile def width height 8 [width 0 0 height neg 0 height] { cf is readhexstring pop cf mis readhexstring pop cf yis readhexstring pop cf kis readhexstring pop width cgray} image bitmapsave restore grestore } bind def /BITMAPGRAY { 8 {fakecolorsetup} COMMONBITMAP } bind def /BITMAPGRAYc { 8 {fakecolorsetup} COMMONBITMAPc } bind def /ENDBITMAP { } bind def end /ALDmatrix matrix def ALDmatrix currentmatrix pop /StartALD { /ALDsave save def savematrix ALDmatrix setmatrix } bind def /InALD { restorematrix } bind def /DoneALD { ALDsave restore } bind def /I { setdash } bind def /J { [] 0 setdash } bind def %%EndProlog %%BeginSetup (5.0) FMVERSION 1 1 0 0 612 792 0 1 6 FMDOCUMENT 0 0 /Helvetica-Bold FMFONTDEFINE 1 0 /Helvetica-Oblique FMFONTDEFINE 2 0 /Helvetica-BoldOblique FMFONTDEFINE 3 0 /Helvetica FMFONTDEFINE 32 FMFILLS 0 0 FMFILL 1 0.1 FMFILL 2 0.3 FMFILL 3 0.5 FMFILL 4 0.7 FMFILL 5 0.9 FMFILL 6 0.97 FMFILL 7 1 FMFILL 8 <0f1e3c78f0e1c387> FMFILL 9 <0f87c3e1f0783c1e> FMFILL 10 FMFILL 11 FMFILL 12 <8142241818244281> FMFILL 13 <03060c183060c081> FMFILL 14 <8040201008040201> FMFILL 16 1 FMFILL 17 0.9 FMFILL 18 0.7 FMFILL 19 0.5 FMFILL 20 0.3 FMFILL 21 0.1 FMFILL 22 0.03 FMFILL 23 0 FMFILL 24 FMFILL 25 FMFILL 26 <3333333333333333> FMFILL 27 <0000ffff0000ffff> FMFILL 28 <7ebddbe7e7dbbd7e> FMFILL 29 FMFILL 30 <7fbfdfeff7fbfdfe> FMFILL %%EndSetup %%Page: "mini" 1 %%BeginPaperSize: Letter %%EndPaperSize 612 792 0 FMBEGINPAGE [0 0 0 1 0 0 0] [ 0 1 1 0 1 0 0] [ 1 0 1 0 0 1 0] [ 1 1 0 0 0 0 1] [ 1 0 0 0 0 1 1] [ 0 1 0 0 1 0 1] [ 0 0 1 0 1 1 0] 7 FrameSetSepColors FrameNoSep 0 0 0 1 0 0 0 K J 27 538.94 301.5 751.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 51.96 550.27 276.54 553.73 R 7 X 0 0 0 1 0 0 0 K V 58.19 563.9 270.31 719.86 R V 0 12.48 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt) 61.29 711.54 T (Summary of discussion and issues) 59.89 678.27 T (Mike Eisler, Document Editor) 77.93 645 T (mre@Eng.Sun.Com) 105.83 611.73 T 0 0 0 1 0 0 0 K 310.5 538.94 585 751.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 335.45 735.11 560.04 738.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 394.11 736.27 T (Slide 2) 549.45 736.27 T 335.45 550.27 560.04 553.73 R 7 X V 0 X (Mike Eisler, Document Editor) 425.41 551.42 T 1 1 0 0 0 0 1 K 335.45 557.66 560.04 722.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 341.69 563.9 553.81 719.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (OVERVIEW OF DISCUSSION AND ISSUES) 364.79 714.32 T (\245) 341.69 698.38 T (Negotiation of mechanism - unresolved) 347.93 698.38 T (\245) 341.69 682.78 T (Specification of QOP/Service values - unresolved) 347.93 682.78 T (\245) 341.69 667.18 T -0.79 (Denial of service of attacks using sequence numbers) 347.93 667.18 P (- unresolved) 347.93 657.13 T (\245) 341.69 641.53 T (Clarify integrity check wording - resolved) 347.93 641.53 T (\245) 341.69 625.94 T (RPCSEC_GSS vs. GSS errors - resolved) 347.93 625.94 T (\245) 341.69 610.34 T (Generation of session handles - resolved) 347.93 610.34 T (\245) 341.69 594.74 T (Version negotiation - unresolved) 347.93 594.74 T (\245) 341.69 579.15 T (gss_get_mic\050\051 vs. gss_wrap\050\051 - unresolved) 347.93 579.15 T 0 0 0 1 0 0 0 K 27 289.94 301.5 502.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 51.96 486.11 276.54 489.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 110.61 487.27 T (Slide 3) 265.95 487.27 T 51.96 301.27 276.54 304.73 R 7 X V 0 X (Mike Eisler, Document Editor) 141.91 302.42 T 1 1 0 0 0 0 1 K 51.96 308.66 276.54 473.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 58.19 314.9 270.31 470.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (\245) 58.19 465.32 T (section 6.2 - flooding attacks - resolved) 64.43 465.32 T (\245) 58.19 449.72 T (section 5.2.1 - context creation messages -) 64.43 449.72 T (unresolved) 64.43 439.67 T (\245) 58.19 424.07 T (data type of gss_proc - resolved) 64.43 424.07 T (\245) 58.19 408.48 T (GSS-API V1 references vs. GSS-API V2 - unresolved) 64.43 408.48 T 0 0 0 1 0 0 0 K 310.5 289.94 585 502.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 335.45 486.11 560.04 489.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 394.11 487.27 T (Slide 4) 549.45 487.27 T 335.45 301.27 560.04 304.73 R 7 X V 0 X (Mike Eisler, Document Editor) 425.41 302.42 T 1 1 0 0 0 0 1 K 335.45 308.66 560.04 473.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 341.69 314.9 553.81 470.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (NEGOTIATION OF MECHANISM) 385.13 465.32 T (\245) 341.69 449.38 T (John Linn: \322no facility at the rpcsec_gss layer to) 347.93 449.38 T (transport or negotiate GSS-API mechanism) 347.93 439.32 T (identifiers, mechanism selection must either \050a\051 be) 347.93 429.27 T (static, \050b\051 be performed out-of-band, or \050c\051 be) 347.93 419.22 T (negotiated within the GSS layer\323) 347.93 409.17 T (\245) 341.69 393.57 T (Anonymous: \322... ONC RPC model doesn't stretch) 347.93 393.57 T -0.34 (very well to include models such as negotiated QOS) 347.93 383.52 P (or authentication flavor.... if you don't add such) 347.93 373.47 T (improvements to ONC RPC, there's little attracting) 347.93 363.42 T (me to ONC over the alternatives.\323) 347.93 353.37 T 2 F (\245) 341.69 337.77 T (Are the above issues serious enough to hold back) 347.93 337.77 T (the ID?) 347.93 327.72 T 0 0 0 1 0 0 0 K 27 40.94 301.5 253.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 51.96 237.11 276.54 240.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 110.61 238.27 T (Slide 5) 265.95 238.27 T 51.96 52.27 276.54 55.73 R 7 X V 0 X (Mike Eisler, Document Editor) 141.91 53.42 T 1 1 0 0 0 0 1 K 51.96 59.66 276.54 224.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 58.19 65.9 270.31 221.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (SPECIFICATION OF QOP/SERVICE VALUES) 77.36 216.32 T (\245) 58.19 200.38 T (John: \322is it expected that any such QOP values will) 64.43 200.38 T -0.03 (be sourced within the RPC layer, or instead that the) 64.43 190.32 P (relevant GSS mechanism ID will be reflected up to) 64.43 180.27 T -0.27 (the RPC caller so that it's equipped to undertake the) 64.43 170.22 P (responsibility of selecting QOPs suitable to the) 64.43 160.17 T (prevailing mechanism?\323) 64.43 150.12 T 2 F (\245) 58.19 134.52 T -0.5 (The API is expected to provide mechanism selection) 64.43 134.52 P (input/output to the client and server. The ID can be) 64.43 124.47 T (updated to reflect this.) 64.43 114.42 T 0 F (\245) 58.19 98.82 T (John: \322Use of \322default\323 would be simplifying here,) 64.43 98.82 T (and is probably to be preferred where/if possible\323) 64.43 88.77 T 0 0 0 1 0 0 0 K 310.5 40.94 585 253.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 335.45 237.11 560.04 240.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 394.11 238.27 T (Slide 6) 549.45 238.27 T 335.45 52.27 560.04 55.73 R 7 X V 0 X (Mike Eisler, Document Editor) 425.41 53.42 T 1 1 0 0 0 0 1 K 335.45 59.66 560.04 224.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 341.69 65.9 553.81 221.86 R 7 X 0 0 0 1 0 0 0 K V 2 8.32 Q 0 X (\245) 341.69 216.32 T -0.7 (Proposal: When the client doesn\325t know what QOP to) 347.93 216.32 P (use, \322default\323 should be specified in the ID) 347.93 206.27 T 0 F (\245) 341.69 190.67 T (Marc Horowitz: Method of imposing QOP/service) 347.93 190.67 T (has problems:) 347.93 180.62 T 3 7.62 Q (-) 354.17 167.56 T (\322client has to \322guess\323 in rpc_gss_init_arg\323) 360.41 167.56 T (-) 354.17 155.43 T (\322field is not protected in any way\323) 360.41 155.43 T (-) 354.17 143.3 T (proposes: \322including the required qop and service values) 360.41 143.3 T (in the final \050GSS_S_COMPLETE\051 rpc_gss_init_res, and) 360.41 134.98 T (using gssapi to protect this information.\323) 360.41 126.67 T 2 8.32 Q (\245) 341.69 112.34 T -0.19 (The intent of feature in the ID was that clients would) 347.93 112.34 P -0.49 (pick the QOP from an out-of-band name service. The) 347.93 102.29 P (server \050e.g. NFS\051 may not know what the right QOP) 347.93 92.24 T (is until the client accesses a specific resource.) 347.93 82.19 T 0 0 0 1 0 0 0 K FMENDPAGE %%EndPage: "mini" 1 %%Page: "mini" 2 612 792 0 FMBEGINPAGE [0 0 0 1 0 0 0] [ 0 1 1 0 1 0 0] [ 1 0 1 0 0 1 0] [ 1 1 0 0 0 0 1] [ 1 0 0 0 0 1 1] [ 0 1 0 0 1 0 1] [ 0 0 1 0 1 1 0] 7 FrameSetSepColors FrameNoSep 27 538.94 301.5 751.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 51.96 735.11 276.54 738.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 110.61 736.27 T (Slide 7) 265.95 736.27 T 51.96 550.27 276.54 553.73 R 7 X V 0 X (Mike Eisler, Document Editor) 141.91 551.42 T 1 1 0 0 0 0 1 K 51.96 557.66 276.54 722.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 58.19 563.9 270.31 719.86 R 7 X 0 0 0 1 0 0 0 K V 2 8.32 Q 0 X (\245) 58.19 714.32 T (Is including the required QOP in the response) 64.43 714.32 T (redundant? If GSS-API is used to protect the data,) 64.43 704.27 T (then the QOP is encoded in the results of the GSS-) 64.43 694.22 T (API operation.) 64.43 684.16 T 0 F (\245) 58.19 668.57 T (Marc: \322why have the service/QOP\323 in the protocol?) 64.43 668.57 T (\245) 58.19 652.97 T (Marc: \322it seems more and more to me like dropping) 64.43 652.97 T -0.26 (the QOP/service stuff from the init phase is the right) 64.43 642.92 P (answer.\323) 64.43 632.87 T 2 F (\245) 58.19 617.27 T (It may be possible to remove this from the protocol) 64.43 617.27 T (and still achieve the desired effect. However, the) 64.43 607.22 T (next discussion point from Barry Jaspan raises an) 64.43 597.17 T (issue, leaving this still a point of contention.) 64.43 587.12 T 0 0 0 1 0 0 0 K 310.5 538.94 585 751.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 335.45 735.11 560.04 738.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 394.11 736.27 T (Slide 8) 549.45 736.27 T 335.45 550.27 560.04 553.73 R 7 X V 0 X (Mike Eisler, Document Editor) 425.41 551.42 T 1 1 0 0 0 0 1 K 335.45 557.66 560.04 722.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 341.69 563.9 553.81 719.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (DENIAL OF SERVICE OF ATTACKS USING) 363.64 714.32 T (SEQUENCE NUMBERS) 402.23 698.38 T (\245) 341.69 682.43 T (Barry Jaspan: suggests \322the seq_window also be) 347.93 682.43 T (protected when communicated to the client\323) 347.93 672.38 T 2 F (\245) 341.69 656.78 T (This is reasonable. However, if we delete QOP/) 347.93 656.78 T (integrity negotiation from the protocol, what QOP) 347.93 646.73 T (and what service does the server use to protect) 347.93 636.68 T (seq_window?) 347.93 626.63 T (\245) 341.69 611.03 T (Proposal: leave QOP/service in the protocol, and) 347.93 611.03 T (protect the service/seq_window when) 347.93 600.98 T (communicated back to the client with GSS-API) 347.93 590.93 T 0 0 0 1 0 0 0 K 27 289.94 301.5 502.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 51.96 486.11 276.54 489.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 110.61 487.27 T (Slide 9) 265.95 487.27 T 51.96 301.27 276.54 304.73 R 7 X V 0 X (Mike Eisler, Document Editor) 141.91 302.42 T 1 1 0 0 0 0 1 K 51.96 308.66 276.54 473.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 58.19 314.9 270.31 470.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (CLARIFY INTEGRITY CHECK WORDING) 85.23 465.32 T (\245) 58.19 449.38 T (John: description of Context Management \050sec.) 64.43 449.38 T (5.3.3.1\051 should emphasize: \322that the integrity check) 64.43 439.32 T (on an incoming message is to be validated before) 64.43 429.27 T (adjusting the receive window in response to the) 64.43 419.22 T (incoming message's sequence number\323) 64.43 409.17 T 2 F (\245) 58.19 393.57 T -0.39 (Agreed, though if the sequence number is below the) 64.43 393.57 P (window, the request can be dropped without the) 64.43 383.52 T (integrity check.) 64.43 373.47 T 0 0 0 1 0 0 0 K 310.5 289.94 585 502.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 335.45 486.11 560.04 489.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 394.11 487.27 T (Slide 10) 547.52 487.27 T 335.45 301.27 560.04 304.73 R 7 X V 0 X (Mike Eisler, Document Editor) 425.41 302.42 T 1 1 0 0 0 0 1 K 335.45 308.66 560.04 473.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 341.69 314.9 553.81 470.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (RPCSEC_GSS VS. GSS ERRORS) 382.57 465.32 T (\245) 341.69 449.38 T (John: RPCSEC_GSS_NOCRED and) 347.93 449.38 T (RPCSEC_GSS_FAILED are similar in name to GSS-) 347.93 439.32 T (GSS-API major statuses GSS_NO_CRED and) 347.93 429.27 T -0.12 (GSS_FAILURE, but apparently different in meaning.) 347.93 419.22 P (Should the RPCSEC_GSS_* codes be renamed?) 347.93 409.17 T 2 F (\245) 341.69 393.57 T (They will be renamed since they definitely mean) 347.93 393.57 T (different things.) 347.93 383.52 T 0 F (\245) 341.69 367.93 T (John: \322is it possible and useful to define the) 347.93 367.93 T (mapping between specific GSS-level major status) 347.93 357.88 T (codes and the corresponding RPC layer error?\323) 347.93 347.82 T 2 F (\245) 341.69 332.23 T (An attempt will be made to define these mappings.) 347.93 332.23 T 0 0 0 1 0 0 0 K 27 40.94 301.5 253.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 51.96 237.11 276.54 240.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 110.61 238.27 T (Slide 11) 264.02 238.27 T 51.96 52.27 276.54 55.73 R 7 X V 0 X (Mike Eisler, Document Editor) 141.91 53.42 T 1 1 0 0 0 0 1 K 51.96 59.66 276.54 224.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 58.19 65.9 270.31 221.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (GENERATION OF SESSION HANDLES) 88.68 216.32 T (\245) 58.19 200.38 T (Marc: Regarding sec. 5.2.2.1, it states: The server) 64.43 200.38 T (must generate handles such that they will be) 64.43 190.32 T (generated again for the same pair of client and) 64.43 180.27 T (server principals.) 64.43 170.22 T 3 6.24 Q (-) 70.67 158.78 T (\322What if there are two simultaneous connections from the same client) 76.91 158.78 T (to the same server?\323) 76.91 151.85 T (-) 70.67 142.15 T (\322GSSAPI requires that mechanisms protect context setup against) 76.91 142.15 T (replay attacks\323) 76.91 135.22 T 2 8.32 Q (\245) 58.19 121.35 T (There should have been a \322not\323 between \322will\323 and) 64.43 121.35 T (\322be\323.) 64.43 111.3 T (\245) 58.19 95.71 T (Proposal: for simplicity, delete the offending) 64.43 95.71 T (sentences from section 5.2.2.1.) 64.43 85.65 T 0 0 0 1 0 0 0 K 310.5 40.94 585 253.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 335.45 237.11 560.04 240.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 394.11 238.27 T (Slide 12) 547.52 238.27 T 335.45 52.27 560.04 55.73 R 7 X V 0 X (Mike Eisler, Document Editor) 425.41 53.42 T 1 1 0 0 0 0 1 K 335.45 59.66 560.04 224.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 341.69 65.9 553.81 221.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (VERSION NEGOTIATION) 398.99 216.32 T (\245) 341.69 200.38 T (Marc: \322The version negotiation procedure seems) 347.93 200.38 T (unnecessarily complex.\323) 347.93 190.32 T (\245) 341.69 174.73 T (Marc: \322In the case when the client and server both) 347.93 174.73 T (support the same protocol version \050which will be) 347.93 164.68 T -0.16 (most of the time\051, it would be useful to be able to do) 347.93 154.62 P (an aggressive setup, where instead of asking for a) 347.93 144.57 T -0.75 (protocol version, the first message for that version is) 347.93 134.52 P (sent.\323) 347.93 124.47 T 2 F (\245) 341.69 108.88 T -0.37 (Agreed. Since the server-side of version negotiation) 347.93 108.88 P (must be stateless, the server doesn\325t care.) 347.93 98.82 T (\245) 341.69 83.23 T (Proposal: Since version negotiation is contentious,) 347.93 83.23 T (and since we at only verison1, delete version) 347.93 73.18 T 0 0 0 1 0 0 0 K FMENDPAGE %%EndPage: "mini" 2 %%Page: "mini" 3 612 792 0 FMBEGINPAGE [0 0 0 1 0 0 0] [ 0 1 1 0 1 0 0] [ 1 0 1 0 0 1 0] [ 1 1 0 0 0 0 1] [ 1 0 0 0 0 1 1] [ 0 1 0 0 1 0 1] [ 0 0 1 0 1 1 0] 7 FrameSetSepColors FrameNoSep 27 538.94 301.5 751.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 51.96 735.11 276.54 738.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 110.61 736.27 T (Slide 13) 264.02 736.27 T 51.96 550.27 276.54 553.73 R 7 X V 0 X (Mike Eisler, Document Editor) 141.91 551.42 T 1 1 0 0 0 0 1 K 51.96 557.66 276.54 722.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 58.19 563.9 270.31 719.86 R 7 X 0 0 0 1 0 0 0 K V 2 8.32 Q 0 X -0.77 (negotiation from the specification, reserve version 0,) 64.43 714.32 P (and if versions are added in the future, re-visit) 64.43 704.27 T (version negotiation then.) 64.43 694.22 T 0 0 0 1 0 0 0 K 310.5 538.94 585 751.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 335.45 735.11 560.04 738.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 394.11 736.27 T (Slide 14) 547.52 736.27 T 335.45 550.27 560.04 553.73 R 7 X V 0 X (Mike Eisler, Document Editor) 425.41 551.42 T 1 1 0 0 0 0 1 K 335.45 557.66 560.04 722.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 341.69 563.9 553.81 719.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (GSS_GET_MIC\050\051 VS. GSS_WRAP\050\051) 379.81 714.32 T (\245) 341.69 698.38 T -0.39 (Marc: The protocol in the ID uses \322gss_get_mic\050\051 for) 347.93 698.38 P -0.15 (integrity, and gss_wrap\050\051 for encryption. it would be) 347.93 688.32 P (simpler... to use gss_wrap in both cases, with the) 347.93 678.27 T (conf_req flag set accordingly\323) 347.93 668.22 T 2 F (\245) 341.69 652.62 T (This will introduce an unnecessary byte copy that) 347.93 652.62 T (gss_wrap will incur when conf_req is zero.) 347.93 642.57 T 0 0 0 1 0 0 0 K 27 289.94 301.5 502.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 51.96 486.11 276.54 489.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 110.61 487.27 T (Slide 15) 264.02 487.27 T 51.96 301.27 276.54 304.73 R 7 X V 0 X (Mike Eisler, Document Editor) 141.91 302.42 T 1 1 0 0 0 0 1 K 51.96 308.66 276.54 473.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 58.19 314.9 270.31 470.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (\245) 58.19 465.32 T (Marc: Perhaps both modes should be allowed, as) 64.43 465.32 T (there is talk about extending GSS-API to use an) 64.43 455.27 T (application buffer.) 64.43 445.22 T 2 F (\245) 58.19 429.62 T (This extension won\325t eliminate the byte copy. Have) 64.43 429.62 T (two ways to do integrity is protocol bloat and by) 64.43 419.57 T (consequence, ONCRPC-API bloat. Why would an) 64.43 409.52 T (ONC-RPC programmer pick a \322wrapped-integrity\323) 64.43 399.47 T (service if the documentation warned that this) 64.43 389.42 T (consumed a byte copy?) 64.43 379.36 T 0 0 0 1 0 0 0 K 310.5 289.94 585 502.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 335.45 486.11 560.04 489.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 394.11 487.27 T (Slide 16) 547.52 487.27 T 335.45 301.27 560.04 304.73 R 7 X V 0 X (Mike Eisler, Document Editor) 425.41 302.42 T 1 1 0 0 0 0 1 K 335.45 308.66 560.04 473.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 341.69 314.9 553.81 470.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (SECTION 6.2 - FLOODING ATTACKS) 375.65 465.32 T (\245) 341.69 449.38 T (Marc: \322Section 6.2 goes through some effort to) 347.93 449.38 T (demonstrate that there are no flooding attacks) 347.93 439.32 T (possible. There is a trivial attack where the attacker) 347.93 429.27 T (sends fake requests above the window. These will) 347.93 419.22 T -0.49 (not be rejected due to the sequence number \050since it) 347.93 409.17 P (must increase\051, forcing the server to validate the) 347.93 399.12 T (header checksum and fail.\323) 347.93 389.07 T 2 F (\245) 341.69 373.47 T (The ID does, albeit not clearly, acknowledge this.) 347.93 373.47 T (\245) 341.69 357.88 T (Proposal: Clarify section 6.2.) 347.93 357.88 T 0 0 0 1 0 0 0 K 27 40.94 301.5 253.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 51.96 237.11 276.54 240.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 110.61 238.27 T (Slide 17) 264.02 238.27 T 51.96 52.27 276.54 55.73 R 7 X V 0 X (Mike Eisler, Document Editor) 141.91 53.42 T 1 1 0 0 0 0 1 K 51.96 59.66 276.54 224.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 58.19 65.9 270.31 221.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (SECTION 5.2.1 - CONTEXT CREATION MESSAGES) 64.18 216.32 T (\245) 58.19 200.38 T -0.39 (Marc: Section 5.2.1 says: The first RPC request from) 64.43 200.38 P (the client to the server initiates context creation for) 64.43 190.32 T (those mechanisms that require context creation) 64.43 180.27 T (messages. \322All mechanisms will generate at least) 64.43 170.22 T (one token requiring a context creation message\323) 64.43 160.17 T 2 F (\245) 58.19 144.57 T (The GSS-API v2 specification \050draft-ietf-cat-gssv2-) 64.43 144.57 T (08.txt\051 seems to imply that an initial call to) 64.43 134.52 T (GSS_Init_sec_context can return) 64.43 124.47 T (GSS_S_COMPLETE. Is there a problem with calling) 64.43 114.42 T (GSS_Accept_sec_context\050\051 on a token created with) 64.43 104.37 T (a GSS_Init_sec_context call returning) 64.43 94.32 T (GSS_S_COMPLETE?) 64.43 84.27 T 0 0 0 1 0 0 0 K 310.5 40.94 585 253.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 335.45 237.11 560.04 240.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 394.11 238.27 T (Slide 18) 547.52 238.27 T 335.45 52.27 560.04 55.73 R 7 X V 0 X (Mike Eisler, Document Editor) 425.41 53.42 T 1 1 0 0 0 0 1 K 335.45 59.66 560.04 224.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 341.69 65.9 553.81 221.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (DATA TYPE OF GSS_PROC) 392.98 216.32 T (\245) 341.69 200.38 T (Marc: \322gss_proc is an unsigned int instead of an) 347.93 200.38 T (enum. Why?\323) 347.93 190.32 T 2 F (\245) 341.69 174.73 T -0.2 (Proposal: redefine gss_proc as an enumerated type.) 347.93 174.73 P 0 0 0 1 0 0 0 K FMENDPAGE %%EndPage: "mini" 3 %%Page: "mini" 4 612 792 0 FMBEGINPAGE [0 0 0 1 0 0 0] [ 0 1 1 0 1 0 0] [ 1 0 1 0 0 1 0] [ 1 1 0 0 0 0 1] [ 1 0 0 0 0 1 1] [ 0 1 0 0 1 0 1] [ 0 0 1 0 1 1 0] 7 FrameSetSepColors FrameNoSep 27 538.94 301.5 751.06 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 51.96 735.11 276.54 738.58 R 7 X 0 0 0 1 0 0 0 K V 1 3.47 Q 0 X (draft-ietf-oncrpc-rpcsec_gss-01.txt: summary of discussion and issues) 110.61 736.27 T (Slide 19) 264.02 736.27 T 51.96 550.27 276.54 553.73 R 7 X V 0 X (Mike Eisler, Document Editor) 141.91 551.42 T 1 1 0 0 0 0 1 K 51.96 557.66 276.54 722.98 6.24 RR 7 X 1 1 0 0 0 0 1 K V 0.17 H 0 Z 0 X N 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 58.19 563.9 270.31 719.86 R 7 X 0 0 0 1 0 0 0 K V 0 8.32 Q 0 X (GSS-API V1 REFERENCES VS. GSS-API V2) 78.96 714.32 T (\245) 58.19 698.38 T (Marc: \322the draft should use [GSS-API] v2 function) 64.43 698.38 T (names, not v1 function names\323) 64.43 688.32 T 2 F (\245) 58.19 672.73 T (It wasn\325t clear if referencing another ID was) 64.43 672.73 T (appropriate.) 64.43 662.68 T (\245) 58.19 647.08 T (Proposal: change the names to use GSS-API V2) 64.43 647.08 T -0.19 (function names. Change them back to V1 if the GSS-) 64.43 637.03 P (API V2 is not an RFC by the time the rpcsec_gss ID) 64.43 626.98 T (is published as its own RFC.) 64.43 616.93 T 0 0 0 1 0 0 0 K FMENDPAGE %%EndPage: "mini" 4 %%Trailer %%BoundingBox: 0 0 612 792 %%PageOrder: Ascend %%Pages: 4 %%DocumentFonts: Helvetica-Bold %%+ Helvetica-Oblique %%+ Helvetica-BoldOblique %%+ Helvetica %%EOF