2005-01-28 Havoc Pennington <hp@redhat.com>

	* doc/TODO, doc/dbus-specification.xml: spec and TODO tweaks
	related to authentication protocol

2 files changed, 20 insertions, 12 deletions

diff --git a/doc/TODO b/doc/TODO
index 631b7719..d4ca427a 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -23,15 +23,6 @@ Important for 1.0
    that generates messages, more like the tests for
    dbus-marshal-recursive.c
 
- - modify the auth protocol to also support other initial-handshake
-   type of information:
-
-   Perhaps the auth protocol should be able to negotiate a protocol 
-   version to the least-common-denominator between client and server?
-   Though in practice ever using this feature would be pretty tough, 
-   since protocol probably modifies the API. But we could have it there
-   as a safety net.
-
  - need to define bus behavior if you send a message to 
    yourself; is it an error, or allowed? If allowed, 
    we need to have a test for it in the test suite.
@@ -45,6 +36,13 @@ Important for 1.0
  - the spec and implementation should probably require dict keys
    to be basic types
 
+ - in dbus-keyring.c, enforce that the keyring dir is not 
+   world readable/writable
+
+ - the "server addresses" section of the spec is busted; need to 
+   support escaping in the addresses, be sure multiple addresses 
+   in one env variable work, etc.
+
 Important for 1.0 GLib Bindings
 ===
 
diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml
index 732f95b0..6e34be27 100644
--- a/doc/dbus-specification.xml
+++ b/doc/dbus-specification.xml
@@ -1394,6 +1394,14 @@
         should try something other than whatever caused the error; 
         if only canceling/rejecting the authentication.
       </para>
+      <para>
+        If the D-BUS protocol changes incompatibly at some future time,
+        applications implementing the new protocol would probably be able to
+        check for support of the new protocol by sending a new command and
+        receiving an ERROR from applications that don't understand it. Thus the
+        ERROR feature of the auth protocol is an escape hatch that lets us
+        negotiate extensions or changes to the D-BUS protocol in the future.
+      </para>
     </sect2>
     <sect2 id="auth-examples">
       <title>Authentication examples</title>
@@ -1930,7 +1938,7 @@
           nonzero length, and may not contain the characters slash ("/"),
           backslash ("\"), space (" "), newline ("\n"), carriage return ("\r"),
           tab ("\t"), or period ("."). There is a default context,
-          "org_freedesktop_global" that's used by servers that do not specify
+          "org_freedesktop_general" that's used by servers that do not specify
           otherwise.
         </para>
         <para>
@@ -1958,13 +1966,15 @@
             </listitem>
             <listitem>
               <para>
-                The cookie itself, a hex-encoded random block of bytes.
+                The cookie itself, a hex-encoded random block of bytes. The cookie
+                may be of any length, though obviously security increases 
+                as the length increases.
               </para>
             </listitem>
           </itemizedlist>
         </para>
         <para>
-          Only server processes modify the cookie file. 
+          Only server processes modify the cookie file.
           They must do so with this procedure:
           <itemizedlist>
             <listitem>