Review of AEAD Encryption API Project; concluding December 5, 2008
Sam Hartman
hartmans at MIT.EDU
Mon Nov 24 14:28:12 EST 2008

Folks, I'm calling for a review of
http://k5wiki.kerberos.org/wiki/Projects/AEAD_encryption_API .

The Microsoft SSPI provides an interface for in-place encryption of messages (see
MS-KILE section 3.4.5.4ff). This interface also permits additional data to be included
in the checksum generated to protect integrity. Such a facility is called authenticated
encryption with additional data (AEAD). The SSPI works at the GSS-API layer, rather than
the raw Kerberos layer.

This project proposes to extend the raw Kerberos cryptographic API (krb5_c_*) in order
to make it possible to implement these SSPI facilities in an extension to the GSS-API.
The ultimate consumer of these applications is typically DCE-style RPC, although the
facilities could be used by other applications.