Session key extraction
Luke Howard
lukeh at padl.com
Tue Dec 23 01:06:22 EST 2008
On 23/12/2008, at 4:27 PM, Nicolas Williams wrote:
> On Mon, Dec 22, 2008 at 07:25:43PM -0500, Krishna Ganugapati wrote:
>> We totally need this in our current shipping product. We'd like to
>> remove our extra gss_inquire_context2 and use the standard distro
>> one. Please kindly keep this feature.
>
> If it's a for a proprietary protocol then I strongly urge you to apply
> some key derivation function to the session key, preferably the krb5
> mechanism's GSS_Pseudo_random(). If it's for interop with Windows
> protocols, understood.
It is for Windows interop.
-- Luke
More information about the krbdev
mailing list