Review of AEAD Encryption API Project; concluding December 5, 2008
hartmans at MIT.EDU
Mon Nov 24 14:28:12 EST 2008
Folks, I'm calling for a review of
The Microsoft SSPI provides an interface for in-place encryption of messages (see
MS-KILE section 188.8.131.52ff). This interface also permits additional data to be included
in the checksum generated to protect integrity. Such a facility is called authenticated
encryption with additional data (AEAD). The SSPI works at the GSS-API layer, rather than
the raw Kerberos layer.
This project proposes to extend the raw Kerberos cryptographic API (krb5_c_*) in order
to make it possible to implement these SSPI facilities in an extension to the GSS-API.
The ultimate consumer of these applications is typically DCE-style RPC, although the
facilities could be used by other applications.
More information about the krbdev