appl/simple/client/sim_client.c uses internal APIs

Chris Hecker checker at d6.com
Fri Feb 24 14:37:50 EST 2023


Sure, I agree with that rough breakdown, I just think the samples should
show a hierarchy of techniques and show the flexibility, and be named
appropriately.  I mean, if a developer is thoughtless when using a crypto
api then having messages be encrypted is not going to save them, so we need
to assume some level of competence on their part, and comment appropriately.

Chris


On Fri, Feb 24, 2023 at 12:25 Ken Hornstein <kenh at cmf.nrl.navy.mil> wrote:

> >I guess if I’m on a tear saying forbidden things, sometimes identity is
> all
> >you need, you don’t want all the samples to encrypt everything, because
> >that makes it look like you have to, which you don’t?  It is use-case
> >dependent, and krb5 is great because it is granular enough to let
> >developers choose what they do for their own use-cases.
>
> I'd like to push back on THIS a bit.
>
> While I agree that you don't ALWAYS need to encrypt everything, I would
> argue that in 2023 you should to encrypt everything 99% of the time, and
> the 1% you don't you should think about very carefully.  And having the
> samples encrypt stuff would be helpful as examples (and to take later
> further point, the breakdown between sample/simple always confuses me as
> well).
>
> --Ken
>


More information about the Kerberos mailing list