summary of feedback on replay cache collision avoidance proposal

Greg Hudson ghudson at MIT.EDU
Tue Dec 30 19:02:43 EST 2008

On Tue, 2008-12-30 at 18:23 -0500, Tom Yu wrote:
> * General form of the extension encoding.  We don't have to exactly
>   specify how future extensions will work as long as we don't paint
>   ourselves into a corner.  I have suggested one (non-binary)
>   alternative on the project proposal page.  The extension for the
>   hash currently includes a hash algorithm identifier, but I am not
>   strongly attached to the idea.

I would prefer "HASH:" as the extension identification instead of just
"H:" but it's not a big deal.  (It's just a little clearer; using "H:"
now does not restrict us to single-byte identifiers in the future.)

There should presumably be a null byte after the ciphertext.

More information about the krbdev mailing list