[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-brezak-win2k-krb-rc4-hmac-04.txt key usages

Apparently I spoke too soon. Changing KRB5_KU_TICKET breaks

And, as our implementation of rc4-hmac GSS_Wrap() and
GSS_Get_MIC() calls hmac() directly, there's probably
little point in setting KRB5_KU_USAGE_SEAL and

-- Luke

>From: Luke Howard <lukeh@PADL.COM>
>Subject: draft-brezak-win2k-krb-rc4-hmac-04.txt key usages
>To: heimdal-discuss@sics.se
>Date: Wed, 27 Nov 2002 10:44:12 +1100
>Organization: PADL Software Pty Ltd
>Versions: dmail (bsd44) 2.4c/makemail 2.9d
>The key usage numbers in lib/krb5/crypto.c do not appear to
>match up entirely with draft-brezak-win2k-krb-rc4-hmac-04.txt.
>In particualr, it appears that KRB5_KU_TICKET should be usage
>2 (ie. no mapping) and that KRB5_KU_USAGE_SEAL, KRB5_KU_USAGE_SIGN
>and KRB5_KU_USAGE_SEQ be mapped to zero. I have a patch if anyone
>is interested.
>Also, does anyone know what key derivation salt the PAC 
>signatures in draft-brezak-win2k-krb-authz-00.txt use?
>-- Luke
>Luke Howard | PADL Software Pty Ltd | www.padl.com

Luke Howard | PADL Software Pty Ltd | www.padl.com