[krbdev.mit.edu #1415] subkeys fubar
Public Submitter via RT
rt-comment at krbdev.mit.edu
Thu Apr 17 11:57:53 EDT 2003
[tlyu - Wed Apr 16 19:40:57 2003]:
> Do we want an option to allow for "server subkey wins"?
RFC1510 and clarifications pretty much leave subkey negotiation to the
applications.
To stay true to this the APIs could allow an application-provided
callback function
to produce the local and remote sub-keys given the proposed sub-keys
from the
AP exchange as input.
> Are there any applications currently depending on the functionality of
> unidirectional subsession keys?
Er, well, I suspect not, but if the default mkr_req/mk_rep behaviour
changes apps
would break, no? What about older kcmd? Is there a reflection attack
there if
unidirectional keys are not used?
Nico
More information about the krb5-bugs
mailing list