Re: Exporting gssapi context, take two



>>>>> "Kevin" == Kevin Coffman <kwc@citi.umich.edu> writes:

    >> The only problem I see with this proposal is that CFX does not
    >> have two keys for signing and sealing.  It has one context key
    >> and potentially one acceptor subkey.  Besides that, this
    >> proposal looks good to me.

    Kevin> My intention was to make it simple for the calling code and
    Kevin> simply return the derived keys to be used for signing and
    Kevin> sealing -- whether they are derived from the
    Kevin> context/session key or subkey.  Am I misunderstanding how
    Kevin> this works?


Yes, it doesn't work that way at all.

I also disagree somewhat with trying to make it easier for the calling
code.  I'd rather simply export the minimum protocol quantities for
the calling code to do its job.