Re: Exporting gssapi context, take two
>>>>> "Kevin" == Kevin Coffman <firstname.lastname@example.org> writes:
>> The only problem I see with this proposal is that CFX does not
>> have two keys for signing and sealing. It has one context key
>> and potentially one acceptor subkey. Besides that, this
>> proposal looks good to me.
Kevin> My intention was to make it simple for the calling code and
Kevin> simply return the derived keys to be used for signing and
Kevin> sealing -- whether they are derived from the
Kevin> context/session key or subkey. Am I misunderstanding how
Kevin> this works?
Yes, it doesn't work that way at all.
I also disagree somewhat with trying to make it easier for the calling
code. I'd rather simply export the minimum protocol quantities for
the calling code to do its job.