[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Missing MS krb5 draft

On Tue, 2004-06-01 at 17:19, Love wrote:
> Andrew Bartlett <abartlet@samba.org> writes:
> > This first draft of the Microsoft type 23 crypto stuff is missing from
> > Heimdal's documentation tree:
> >
> > http://www.watersprings.org/pub/id/draft-brezak-win2k-krb-rc4-hmac-00.txt
> >
> > Given how these tend to disappear from the web, can it be added to the
> > doco?  (That collection is also very useful, when looking at schannel -
> > an otherwise unrelated crypto system - which it appears is where the
> > type 23 stuff was copied from, inside MS).
> Sure, btw in what document is schannel documented ?

Officially, none.  But those wise at this trade advise (correctly) that
if you squint in the right direction and look at what data you have, and
these specs, that the dots line up very nicely.   

Even the mutual agreement on a session key (not something that krb5
does) is 'documented' - they use the signature routines, just in a
slightly different way.

(for those not spending their entire days crawling up MS's network
protocols, schannel is a 'secure' communication system between domain
controllers and domain members, based on a shared secret, not entirely
unlike kerberos...)

Andrew Bartlett

Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

This is a digitally signed message part