Bug#402814: cyrus-imapd-2.2: Inadequate documentation of 'sasl_minimum_layer'

Thu Dec 14 17:45:45 CET 2006

Henrique de Moraes Holschuh wrote on 14/12/2006 02:51:
> On Wed, 13 Dec 2006, Michael Richters wrote:
> 
>>FYI: the string "sasl_minimum_layer" appears in the cyrus-imapd-2.2
>>source package, but not in the cyrus-sasl2 package:
> 
> 
> Strip the sasl_ prefix when grepping SASL code and docs.
> 
> That said, there are two possibilities for sasl_minimum_layer:
> 
> 1. Cyrus imap does its own processing on top of whatever SASL already does.
> 
> 2. It is in fact implemented by cyrus imap.
> 
> 
> If it is (2), we document it. If it is (1), we document it in a case by case
> basis.
> 
> There is also a (3): if I am wrong and cyrus now knows a set of SASL options
> and doesn't pass them blindly to SASL anymore, then we document them all.
> 
> I don't have the time to find out which is the case here, though. At least
> not right now.  It could be just that cyrus imap tries to change the default
> sasl minimum layer, which I find likely.
> 
> 
>>I don't think it's reasonable to expect someone to grep through the
>>source in order to determine that "sasl_minimum_layer" in one package
>>translates to "min_ssf" in another.  Not to mention the fact that this
>>information still doesn't lead me to an answer to my original
>>question.
> 
> 
> It should not translate to min_ssf at all, unless SASL is renaming options,
> in which case whomever is doing the translation needs to document it (either
> cyrus imap or sasl).
> 
> But no, it is not reasonable to have to grep code to find this information.
> SASL should document all their options easily, and in a manpage.  Feel free
> to file a bug against libsasl2 requesting that.
> 
> We are already agreeing that cyrus should also document those that are its
> responsability, btw.  I just don't know which ones are at this point, as I
> don't have the time to go code-hunting on cyrus right now.
> 
> I hope one of the other maintainers can do it soon.

Regarding the Documentation:

sasl_minimum_layer really translates into min_ssf in libsasl2,
sasl_maximum_layer into max_ssf of the same structure. What they do is
documented in: /usr/share/doc/libsasl2/programming.html

Actually, the documentation available in cyrus-imapd is almost all there
is to know:
a layer of 0 doesn't ensure anything
a layer of 1 provides integrity protection
any higher level ensures some sort of encryption. The example given in
sasl documentation is 56-bit DES encryption providing an SSF (security
strength factor) of 56.

Perhaps someone else can put this in more documentation-like words and
add it to our manpages, READMEs or so.

regards,
Sven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 188 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cyrus-imapd-debian-devel/attachments/20061214/626f6e0d/signature.pgp