RFC 4121 & acceptor subkey use in MIC token generation
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Oct 24 20:36:31 EDT 2023
>Whether the initiator can generate per-message tokens before receiving
>the subkey depends on whether the mechanism returned the prot_ready
>state (RFC 2743 section 1.2.7) to the caller after generating the
>initiator token. RFC 4121 does not mention prot_ready; I couldn't say
>whether that's an implicit contraindication on setting the bit. I'm not
>aware of any krb5 mechs setting the bit at that point in the initiator,
>although I recall Nico talking about maybe wanting to do so.
Fair enough; every time I think I might understand the GSSAPI, there
is always something else in that mess. I don't think given subkey
negotiation it would be possible for a krb5 mechanism to legitimately
set prot_ready before authentication was complete, but it sure seems
like this is a corner case. Certainly it seems like Heimdal always
assumes that the other end will behave that way.
>The comment was written twenty years ago by a developer no longer
>working for MIT, and I don't recall having any conversations about it
>before this one.
NOW I feel old :-/
--Ken