[krbdev.mit.edu #1352] kg_seal should check GSS_C_PROT_READY_FLAG value
via RT
rt-comment at krbdev.mit.edu
Fri Feb 21 15:32:23 EST 2003
[hartmans - Fri Feb 21 15:24:02 2003]:
> >>>>> "Nicolas" == Nicolas Williams via RT <rt-comment at krbdev.mit.edu>
> writes:
>
>
> Nicolas> But even so, I think it makes plenty of sense to allow
> Nicolas> the client to send the MIC as soon as the mech it picks
> Nicolas> to negotiate for optimistically is ready to do so.
>
> I'd agree with you except that this is fairly clearly prohibited by
> section 3.2.2 of the RFC. I suspect SPNEGO predates prot-ready.
Sam, you are correct, I had not noticed that. HOWEVER, the MIT code
seems to want to support PROT_READY, but the support is not complete
and that is what this bug report is about. Regardless of the SPNEGO
issue, the fact is that the MIT krb5 does not support PROT_READY
correctly.
Nico
More information about the krb5-bugs
mailing list