[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: heimdal 1.0.1 w2k interop
> AES for Kerberos was ratified several *months* before 4120, so that
> one can argue that even AES is "old" enctype:-) But to be serious
> it is open for definition of "concurrently." Final documents have
> no revision history and it's not trivial for general public to
> figure if two RFCs were worked on concurrently. Should one expect
> small difference in RFC number? How small? Should they be ratified
> on the same year? But in either case it indeed might be appropriate
> to re-implement kerberos5.c:older_enctype() as !newer_enctype and
> enlist "newer" encryption types. I mean as opposite to maintaining
> list of "older" ones. Cheers. A.
The AES work happen concurrently with rfc4210, or rather say, since
rfc4210 took forever to develop, most everything happened at the same
Older is better, since then I don't need to update the code when I
add new enctypes.