
Re: [SAMBA4][PATCH] Fix up AES sign/seal on DCE/RPC




On Sep 11, 2005, at 04:32, Andrew Bartlett wrote:
>>> Pragmatically, yes, it sounds like you're stuck implementing
>>> something along these lines.  But I think it would be a bit less ugly
>>> if the naming made it clear that it's a DCE/RPC thing, not a general
>>> GSSAPI thing.  DCE/RPC isn't GSSAPI.  Likewise for gss_wrap_ex, if it
>>> separates the signature, though I could certainly see AEAD being a
>>> useful GSSAPI addition (and wish we'd had time to properly consider
>>> it for RFC 3961 -- Kerberos cryptosystems -- as well).
>>>
>>
>> Any suggestions as to the name?  While the particular need here is for
>> DCE/RPC, I imagine it is not the only framing that is painful in this
>> respect...
>>
>
> Given all this discussion, I'll probably rename it to
> gsskrb5_wrap_size(), as that's all it's valid for.

That sounds okay... except... actually, nothing in RFC 3961 says a  
Kerberos cryptosystem can't do some of the same weird stuff, like  
compressing before encrypting, or making the "signature part" hard to  
separate.  So even just for Kerberos, it may not always be  
implementable...

Ken