Review of AEAD Encryption API Project; concluding December 5, 2008

Nicolas Williams Nicolas.Williams at
Mon Dec 1 16:21:58 EST 2008

On Mon, Dec 01, 2008 at 10:29:41AM -0800, Love Hörnquist Åstrand wrote:
> >For the decrypt side I think you need the option for:
> >
> >[...]
> What would be reason to use TYPE_STREAM instead of the old api's ?

In a reply to Sam I described an NFSv4-like protocol with COMPOUND-like
messages and RDDP-like (different parts of the message will be delivered
by the NIC into different locations in memory on receive, and may come
from different locations in memory on send).

> >2. Zero or more buffers of type KRB5_CRYPTO_TYPE_SIGN_ONLY
> >3. One or more buffers of type KRB5_CRYPTO_TYPE_DATA to hold the output
> >
> >  Instead of exactly one KRB5_CRYPTO_TYPE_DATA chunk.
> >
> >  The sizes of the input and output chunks should be matched for best
> >  results.
> I think there should be zero or more for both of them. It seems
> strange to need to include a zero length DATA when I want to send an
> empty message with only a header.

Good point!

