
Re: draft-brezak-win2k-krb-rc4-hmac-04.txt key usages




Apparently I spoke too soon. Changing KRB5_KU_TICKET breaks
interoperability.

And, as our implementation of rc4-hmac GSS_Wrap() and
GSS_Get_MIC() calls hmac() directly, there's probably
little point in setting KRB5_KU_USAGE_SEAL and
KRB5_KU_USAGE_SIGN.

-- Luke

>From: Luke Howard <lukeh@PADL.COM>
>Subject: draft-brezak-win2k-krb-rc4-hmac-04.txt key usages
>To: heimdal-discuss@sics.se
>Date: Wed, 27 Nov 2002 10:44:12 +1100
>Organization: PADL Software Pty Ltd
>Versions: dmail (bsd44) 2.4c/makemail 2.9d
>
>
>The key usage numbers in lib/krb5/crypto.c do not appear to
>match up entirely with draft-brezak-win2k-krb-rc4-hmac-04.txt.
>
>In particular, it appears that KRB5_KU_TICKET should be usage
>2 (ie. no mapping) and that KRB5_KU_USAGE_SEAL, KRB5_KU_USAGE_SIGN
>and KRB5_KU_USAGE_SEQ be mapped to zero. I have a patch if anyone
>is interested.
>
>Also, does anyone know what key derivation salt the PAC 
>signatures in draft-brezak-win2k-krb-authz-00.txt use?
>
>-- Luke
>
>--
>Luke Howard | PADL Software Pty Ltd | www.padl.com

--
Luke Howard | PADL Software Pty Ltd | www.padl.com
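
Why a mismatched key usage number breaks interoperability, as an added example that is not part of the original message or of Heimdal's code: in the HMAC-MD5 checksum as specified in RFC 4757 (the published form of the rc4-hmac draft, assumed here to use the same construction), the usage number is hashed into the input, so both peers must agree on it. The key, message and function names below are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample inputs (not real key material or a real ticket).
KEY = bytes(range(16))            # stands in for the 16-byte rc4-hmac key
MSG = b"constructed ticket bytes"


def rc4_hmac_checksum(key: bytes, usage: int, data: bytes) -> bytes:
    """HMAC-MD5 checksum as described in RFC 4757.

    Ksign  = HMAC-MD5(K, "signaturekey\\0")
    tmp    = MD5(T || data), T = usage number as 4 bytes, little-endian
    CHKSUM = HMAC-MD5(Ksign, tmp)
    """
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    tmp = hashlib.md5(struct.pack("<I", usage) + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()


def interoperates(key: bytes, data: bytes,
                  sender_usage: int, receiver_usage: int) -> bool:
    """True if the receiver accepts the sender's checksum.

    The receiver recomputes the checksum with its own idea of the usage
    number and compares in constant time.
    """
    sent = rc4_hmac_checksum(key, sender_usage, data)
    expected = rc4_hmac_checksum(key, receiver_usage, data)
    return hmac.compare_digest(sent, expected)


if __name__ == "__main__":
    # Both sides use usage 2: checksums match.
    print("2 vs 2:", interoperates(KEY, MSG, 2, 2))
    # One side maps the usage to a different number: verification fails,
    # even though key and data are identical.
    print("2 vs 0:", interoperates(KEY, MSG, 2, 0))
```

Code that passes a usage number straight into such a routine never consults a usage-mapping table, so changing the table has no effect on that path.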