hartmans at MIT.EDU
Fri Feb 17 14:52:00 EST 2006
Unfortunately, expanding the lucid context and making krb5_derive_key
public both seem unacceptable.
The reason is the same. The representation of a derived key in RFC
3961 is crypto system specific. For some crypto systems you might
just store a key schedule in some very implementation specific form.
There's no reason to believe that all crypto systems will even call or
I think that you really do need a fairly full RFC 3961 implementation
in the kernel if you hope to avoid significant implementation
More information about the krbdev