[Ietf-krb-wg] Camellia-CTS for Kerberos

Yang Li sharepointlink at hotmail.com
Mon May 10 10:26:59 EDT 2010


HI, i am new to kerberos, so pardon me for a silly question:

immediately logging into windows, i run klist and get 2 krbtgt tickets with
the same realm: one is flagged with FRIA, and the other is flagged with FRA,

i am wondering if it is normal to get 2 TGT, and if it is, what is the one
different from others on how they are going to be used?



Thanks, -Yang




-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf
Of Luke Howard
Sent: Monday, May 10, 2010 9:26 AM
To: ietf-krb-wg at lists.anl.gov
Cc: kerberos at mit.edu List
Subject: Re: [Ietf-krb-wg] Camellia-CTS for Kerberos

The users/lhoward/camellia-ccm branch of MIT Kerberos contains an
implementation of both CCM and CMAC, for both AES and Camellia. The
mandatory checksum type for the CCM enctypes is CMAC. (However, as mentioned
before, integrity in CCM is provided through CBC-MAC.)

#define ENCTYPE_AES128_CCM_128  -64
#define ENCTYPE_AES256_CCM_128  -65
#define ENCTYPE_CAMELLIA128_CCM_128 -66
#define ENCTYPE_CAMELLIA256_CCM_128 -67

#define CKSUMTYPE_CMAC_128_AES128              -64
#define CKSUMTYPE_CMAC_128_AES256              -65
#define CKSUMTYPE_CMAC_128_CAMELLIA128         -66
#define CKSUMTYPE_CMAC_128_CAMELLIA256         -67

-- Luke

On 09/05/2010, at 8:47 PM, Luke Howard wrote:

> Regarding implementing Camellia-CCM (admittedly otherwise unspecified and
off-topic), would one prefer the mandatory Kerberos checksum type to be
SHA-1 (-512?) or CMAC? (Note this is orthogonal to the use of CBC-MAC in CCM
itself.)
> 
> CMAC is arguably more consistent with CCM (see NIST 800-38C section 5.2).
> 
> -- Luke
> _______________________________________________
> ietf-krb-wg mailing list
> ietf-krb-wg at lists.anl.gov
> https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
> 

--
www.padl.com | www.thisismagnolia.net


________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos




More information about the Kerberos mailing list