Can we sort preauth data in an AS reply

Nicolas Williams Nicolas.Williams at
Tue Oct 3 15:19:38 EDT 2006

On Tue, Oct 03, 2006 at 02:40:12PM -0400, Sam Hartman wrote:
> Under what circumstances is it reasonable for a client to process
> padata out of order?  I'd assume it is reasonable to process any
> padata in a preauth_needed error that has no associated data out of
> order, but what about other circumstances?

That seems like a question for the KRB WG list.  My tentative answer:
it'd be best if we could rely on ordered processing of padata, where the
order in which it's processed is the order in which it appears in the
PDU.  BUT, from a security analysis point of view, for now we must
assume that padata have been re-ordered in-flight.

