ASN Encording of KRB-AS-REQ and REP

Tom Yu tlyu at MIT.EDU
Fri Apr 4 14:53:26 EST 2003

>>>>> "Eric" == Naud, Eric <eric.naud at> writes:

Eric> It is clear in section 8.3 of RFC1510 that the message types for
Eric> KRB-AS-REQ and REP are 10 and 11 respectively. My question is
Eric> what is the ID field at the beginning of the ASN encoded data?
Eric> When I sniff the transaction between kadmin and KerbNet I see
Eric> two frames, presumably the AS-REQ and REP. The first octet is 6A
Eric> and 6B. These constants don't seem to be defined in the RFC, can
Eric> anyone tell me what these identifier octets are?
First of all, the term "message type" is somewhat ambiguous in
RFC1510.  It can be interpreted to mean either the ASN.1 type used to
define the protocol message, or a number distinguishing which protocol
message it is.  Further confusing matters, this number appears both as
an ASN.1 application class tag number and (redundantly!) as a separate
integer component in the ASN.1 type defining the protocol message.

0x6A is an octet signifying application class tag number 10,
constructed encoding.

0x6B is an octet signifying application class tag number 11,
constructed encoding.

Please see X.680:1997 (ASN.1 syntax) and X.690:1997 (BER/CER/DER) for
further details.  It is not possible to map from the abstract syntax
in RFC1510 to bits on the wire without understanding the ASN.1
Distinguished Encoding Rules (DER).


More information about the Kerberos mailing list