[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Changing signature algorithm

To: Tom Hansen <hansentf@yahoo.com>
Subject: Re: Changing signature algorithm
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Fri, 8 Jun 2007 13:08:32 -0400
Cc: heimdal-discuss@sics.se
In-Reply-To: <901905.57027.qm@web61012.mail.yahoo.com>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <901905.57027.qm@web61012.mail.yahoo.com>
Reply-To: heimdal-discuss@sics.se, Love Hörnquist Åstrand <lha@kth.se>

8 jun 2007 kl. 12.39 skrev Tom Hansen:

> That seems to do it. Thanks for the update. I noticed you mentioned  
> the old code supported PacketCable. Why was it removed in 0.8?  
> Unfortunately the mail archives only go back a few months so not  
> much returns when searching for it in the list. Pardon me if this  
> was already discussed.

The packet cable code was slowly dying because it was no longer  
maintained and when I migrated to hx509 I had no way to check it it  
still worked.

I have no problem maintaning packet-cable code in there, just as long  
as there is some chance that it accually might work.

What I would consider the limit would be tests in the regression  
suite that tested the code, tests/kdc/check-pkinit.in does this for  
both windows, IETF(DH and EncKey) plus a sample transaction in tests/ 
can.

If you want a code-drop from the old source-code or any help to get  
this working, just ask.

Love

>
> Tom
>
> ----- Original Message ----
> From: Love Hörnquist Åstrand <lha@kth.se>
> To: heimdal-discuss@sics.se; Tom Hansen <hansentf@yahoo.com>
> Sent: Wednesday, June 6, 2007 8:03:58 PM
> Subject: Re: Changing signature algorithm
>
>
> 6 jun 2007 kl. 19.29 skrev Tom Hansen:
>
>> Trunk? The latest snapshot on ftp is 8.1 rc3 but that doesn't have
>> peer-alg. It seems peer-alg can be used somewhere along
>> krb5_pk_create_sign or other func to set the signatureAlgo to a
>> desired value.
>
>  From http://www.h5l.se/#vc
>
> svn checkout svn://svn.h5l.se/heimdal/trunk/heimdal heimdal
> cd heimdal
> autoreconf -f -i
>
>> On the other point, it sounds like the signature algorithm can be
>> kept as is but changing the oid to ...1.1.1 is really all that
>> packetcable is requiring. It seems like an odd requirement.
>
> Yes, that is what the patch I commited does.
>
> Love
>
>
>
>
>
>
>
>
> ______________________________________________________________________ 
> ______________
> Yahoo! oneSearch: Finally, mobile search
> that gives answers, not web links.
> http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC

References:
- Re: Changing signature algorithm
  - From: Tom Hansen <hansentf@yahoo.com>

Prev by Date: Re: Changing signature algorithm
Next by Date: Re: Preauthentication failed
Prev by thread: Re: Changing signature algorithm
Next by thread: Re: Preauthentication failed
Index(es):
- Date
- Thread