Exporting gssapi context, take two
Kevin Coffman
kwc at citi.umich.edu
Fri Apr 16 13:51:13 EDT 2004
> The only problem I see with this proposal is that CFX does not have
> two keys for signing and sealing. It has one context key and
> potentially one acceptor subkey. Besides that, this proposal looks
> good to me.
My intention was to make it simple for the calling code and simply
return the derived keys to be used for signing and sealing --
whether they are derived from the context/session key or subkey.
Am I misunderstanding how this works?
More information about the krbdev
mailing list