[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Exporting gssapi context, take two

> The only problem I see with this proposal is that CFX does not have
> two keys for signing and sealing.  It has one context key and
> potentially one acceptor subkey.  Besides that, this proposal looks
> good to me.

My intention was to make it simple for the calling code and simply
return the derived keys to be used for signing and sealing --
whether they are derived from the context/session key or subkey.
Am I misunderstanding how this works?