Re: [SAMBA4][PATCH] Fix up AES sign/seal on DCE/RPC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sep 10, 2005, at 02:09, Andrew Bartlett wrote:
> Sadly it is a mistake that DCE/RPC forces on us: While I presume you
> could simply expand the data portion for the full wrapped data,
> Microsoft chose to place the signature in the traditional place,
> separate from the main data. We have to be compatible with that.
[...]
> As such, I'm in a no-win situation, and took the least ugly way
> out :-)

Pragmatically, yes, it sounds like you're stuck implementing
something along these lines. But I think it would be a bit less ugly
if the naming made it clear that it's a DCE/RPC thing, not a general
GSSAPI thing. DCE/RPC isn't GSSAPI. Likewise for gss_wrap_ex, if it
separates the signature, though I could certainly see AEAD being a
useful GSSAPI addition (and wish we'd had time to properly consider
it for RFC 3961 -- Kerberos cryptosystems -- as well).

Ken
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFDI2BWUqOaDMQ+e5gRAoGbAKDbb0Y38fCpD+J+q/Id0f8+mMo4rgCbB57n
qO3TzZsA0bAi7Jyu3qSW7P4=
=UlZl
-----END PGP SIGNATURE-----