Exporting gssapi context, take two

Kevin Coffman kwc at citi.umich.edu
Fri Apr 16 13:51:13 EDT 2004

> The only problem I see with this proposal is that CFX does not have
> two keys for signing and sealing.  It has one context key and
> potentially one acceptor subkey.  Besides that, this proposal looks
> good to me.

My intention was to make it simple for the calling code and simply
return the derived keys to be used for signing and sealing --
whether they are derived from the context/session key or subkey.
Am I misunderstanding how this works?

More information about the krbdev mailing list