Exporting gssapi context, take two
Sam Hartman
hartmans at MIT.EDU
Fri Apr 16 13:58:25 EDT 2004
>>>>> "Kevin" == Kevin Coffman <kwc at citi.umich.edu> writes:
>> The only problem I see with this proposal is that CFX does not
>> have two keys for signing and sealing. It has one context key
>> and potentially one acceptor subkey. Besides that, this
>> proposal looks good to me.
Kevin> My intention was to make it simple for the calling code and
Kevin> simply return the derived keys to be used for signing and
Kevin> sealing -- whether they are derived from the
Kevin> context/session key or subkey. Am I misunderstanding how
Kevin> this works?
Yes, it doesn't work that way at all.
I also disagree somewhat with trying to make it easier for the calling
code. I'd rather simply export the minimum protocol quantities for
the calling code to do its job.
More information about the krbdev
mailing list