Session key extraction
Luke Howard
lukeh at padl.com
Tue Dec 23 19:46:20 EST 2008
On 24/12/2008, at 11:38 AM, Sam Hartman wrote:
>>>>>> "Luke" == Luke Howard <lukeh at padl.com> writes:
>
>>> The project proposal should be specific as to which subset of
>>> these you plan to implement.
>
> Luke> OK.
>
>>> Also, there's the question of what base OIDs to use.
>
> Luke> True, currently they're under the PADL arc but I will change
> Luke> this.
>
> padl arc is fine.
> If you use another arc make sure you get it registered or note it
> for me to deal with.
I changed it to the following:
* Provisionally reserved for Kerberos session key algorithm
* identifiers is:
* iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
* krb5(2) krb5_enctype(4) = 1.2.840.113554.1.2.2.4
* Provisionally reserved for Kerberos mechanism-specific APIs:
* iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
* krb5(2) krb5_gssapi_ext(5) = 1.2.840.113554.1.2.2.5
(Recall 1.2.840.113554.1.2.2.3 is used by Microsoft's user-to-user
mechanism.)
-- luke
More information about the krbdev
mailing list