RFC 4121 & acceptor subkey use in MIC token generation

Ken Hornstein kenh at cmf.nrl.navy.mil
Thu Oct 26 13:41:42 EDT 2023


>Yeah; IIRC that was to allow cases where the initiator would send the first
>context token in the same packet/message with early data, such as a MIC
>binding the exchange to some channel. In retrospect, perhaps it has caused
>more trouble than it was worth. We didn't use this in RFC 4462 userauth,
>which doesn't use mutual anyway.

As a side note, my impression is that gss-keyex has fallen out of favor,
and at least for us part of the problem is the unfortunate decision
to use MD5 in that protocol.  You and I both know that the use of MD5
in there isn't security related, but if you live in a FIPS world
then any use of MD5 is a "challenge".

--Ken


More information about the Kerberos mailing list