Can we sort preauth data in an AS reply
jhutz at cmu.edu
Tue Oct 3 17:55:10 EDT 2006
On Tuesday, October 03, 2006 05:20:20 PM -0400 Sam Hartman
<hartmans at MIT.EDU> wrote:
>>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz at cmu.edu> writes:
> Jeffrey> I see no reason why a client shouldn't be able to process
> Jeffrey> padata in any order it wants
> Certainly my preauth framework draft contemplated incrementally
> strengthening the reply key as you went through the padata in the
> order supplied by the KDC.
I don't think there is anything which prevents the introduction of new PA
types or sets of PA types which must be processed in a specific order,
provided the specifications for those types describe this. I also don't
think there's anything today which makes it reasonable to assume that
clients will process existing PA types in any particular order.
I think it would be a good idea to ask the WG if people anticipate
introducing types where order matters, if you think that an accurate
prediction today will make your life as an implementor easier in the future.