Review of AEAD Encryption API Project; concluding December 5, 2008
Nicolas Williams
Nicolas.Williams at sun.com
Mon Dec 1 16:21:58 EST 2008
On Mon, Dec 01, 2008 at 10:29:41AM -0800, Love Hörnquist Åstrand wrote:
> >For the decrypt side I think you need the option for:
> >
> >[...]
>
> What would be reason to use TYPE_STREAM instead of the old api's ?
In a reply to Sam I described an NFSv4-like protocol with COMPOUND-like
messages and RDDP-like (different parts of the message will be deivered
by the NIC into different locations in memory on receive, and may come
from different locations in memory on send).
> >2. Zero or more buffers of type KRB5_CRYPTO_TYPE_SIGN_ONLY
> >3. One or more buffers of type KRB5_CRYPTO_TYPE_DATA to hold the
> >output
> >
> > Instead of exactly one KRB5_CRYPTO_TYPE_DATA chunk.
> >
> > The sizes of the input and output chunks should be matched for best
> > results.
>
> I think there should be zero or more of both for of them. It seems
> strange to need to include a zero length DATA when I want to send an
> empty message with only a header.
Good point!
Nico
--
More information about the krbdev
mailing list