[Kevin Coffman] Proposal to export gssapi context
kwc at citi.umich.edu
Wed Mar 10 16:39:31 EST 2004
> > Comments, suggestions, welcome.
> I read this over real quick on the train and will surely have more comments
> when I try to implement it.
> Why is cksumtype and acceptor_subkey_cksumtype included, they are implied
> by the key's enctype.
> Is this really not kerberos specific ? Then why send oid ?
Yes, the current proposal is Kerberos Mechanism specific.
These sound reasonable. I'll change them.
> What is the format of sign_alg/seal_alg ? They are defined as octet data in
> rfc1964 not integers.
I'll look into this.
> How will you deal with SPKM/LIPKEY ? Have anyone updated the spec so its
> possible to implement now ?
I began trying to come up with something general enough for Kerberos and
our (not-quite-complete) spkm-3 implementation, but it didn't seem
reasonable. The current plan is to have a separate mech-specific context
extraction routine. If anyone has ideas, that would be great.
More information about the krbdev