The NULL Encryption System
Sam Hartman
hartmans at MIT.EDU
Mon Mar 29 15:17:09 EST 2004
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
Nicolas> On Mon, Mar 29, 2004 at 02:57:57PM -0500, Sam Hartman
Nicolas> wrote:
>> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com>
>> writes:
>>
Nicolas> Technically it was (and still is) used by some rfc1964
Nicolas> (krb5 gss mech) implementations for "encrypting" the
Nicolas> KRB-CRED encpart; other than this the null enctype has
Nicolas> not been used for anything else, nor should be.
>> No, if they used the null enctype, then you'd get an
>> EncryptedData with plaintext as ciphertext; you don't even get
>> that. You get the encrypted part of the krb_cred structure
>> encoded directly in the place where you'd expect an
>> EncryptedData.
Nicolas> My recollection of this is that at the first interim KRB
Nicolas> WG meeting at MIT Tom showed me the opposite, but I could
Nicolas> be wrong.
You and Tom are correct; I was missing a layer of decoding.
More information about the krbdev
mailing list