Review of AEAD Encryption API Project; concluding December 5, 2008

Love Hörnquist Åstrand lha at
Mon Dec 1 12:28:15 EST 2008

Sam, Luke, thanks for waiting the whole long weekend for comments.

I don't like making flags and type whole 32bit fields but can live  
with it.

I don't like having a flag for sign only, even though that more like  
how SSPI like does it, its a type and not a flag.

I don't like that flags are not specified for what types they are  
valid for.

I don't like that there are no examples.

The second api, that I assume is called gss_*_aead, is not at all  
specified. Even though its mentioned. Or is the simpler interface  

gss_wrap_iov_length() is under specified.

Re DCE, How does the caller now that know that the data is correctly  
padded and how do they get the padding size of before performing any  
operation given a gss_ctx_id_t ?

I'll sure there should be more questions showing up when this is tried  
out more. But lets start with these.


25 nov 2008 kl. 22:00 skrev Sam Hartman:

> Love, take a look at the Projects/GSSAPI  
> DCE 
>                                                                                page 
> .
> I believe it now includes enough of the GSS side API for comments.

More information about the krbdev mailing list