Review of AEAD Encryption API Project; concluding December 5, 2008

Nicolas Williams Nicolas.Williams at
Mon Dec 1 15:05:40 EST 2008

On Mon, Dec 01, 2008 at 03:01:53PM -0500, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:
>     Nicolas> Think of NFSv4-like COMPOUND above RDDP.  A COMPOUND
>     Nicolas> could have two bulk data operations interspersed with
>     Nicolas> other operations.
> I'm still missing it.
> Why do you think this compound will not be able to identify the crypto header and trailer?

That's not the problem.  The problem is that in that example there are
two large chunks of data that will be directly placed into different

Think of a pattern like: crypto header, app header, app data, app
header, app data, ..., crypto trailer, MIC.

>     Nicolas> I understand that, but please don't paint yourselves into
>     Nicolas> a corner on this.
> I think expanding the API in the future would be easy from an
> interface standpoint.  I think that the current behavior is to return
> an error if you pass in multiple stream buffers, so you can tell which
> API you have.

Make sure the same applies to the GSS-API extensions.


More information about the krbdev mailing list