export list symbols
Jeffrey Hutzelman
jhutz at cmu.edu
Tue Oct 20 13:49:49 EDT 2009
--On Tuesday, October 20, 2009 11:07:55 AM -0500 Nicolas Williams
<Nicolas.Williams at sun.com> wrote:
> But also, RFC3961 is not intended to be a mere detail of Kerberos
> protocol construction: "raw" krb5 apps that extract session keys and
> make use of krb5 enctypes directly are legitimate users of RFC3961.
>
> Think of TELNET and AFS, which, I know are not exactly good examples
> here (in large part because they pre-date RFC3961), but they are good
> examples of apps which, if they really had to avoid KRB-SAFE/PRIV or the
> GSS-API (e.g., because of per-token/message overhead), then really
> should have used _a_ cryptographic protocol framework, of which RFC3961
> is a reasonable example.
In fact, RFC3961 was designed with such users in mind.
> IMO Kerberos implementors SHOULD export RFC3961 interfaces.
Agree.
More information about the krbdev
mailing list