[Kevin Coffman] Proposal to export gssapi context

Kevin Coffman kwc at citi.umich.edu
Wed Mar 10 16:39:31 EST 2004

> > Comments, suggestions, welcome.
> I read this over real quick on the train and will surely have more comments
> when I try to implement it.
> Why is cksumtype and acceptor_subkey_cksumtype included, they are implied
> by the key's enctype.
> Is this really not kerberos specific ? Then why send oid ?

Yes, the current proposal is Kerberos Mechanism specific.
These sound reasonable.  I'll change them.

> What is the format of sign_alg/seal_alg ? They are defined as octet data in
> rfc1964 not integers.

I'll look into this.

> How will you deal with SPKM/LIPKEY ? Have anyone updated the spec so its
> possible to implement now ?

I began trying to come up with something general enough for Kerberos and
our (not-quite-complete) spkm-3 implementation, but it didn't seem
reasonable. The current plan is to have a separate mech-specific context
extraction routine. If anyone has ideas, that would be great.

More information about the krbdev mailing list