Review of AEAD Encryption API Project; concluding December 5, 2008

Sam Hartman hartmans at MIT.EDU
Mon Nov 24 14:28:12 EST 2008

Folks, I'm calling for a review of                              .

   The Microsoft SSPI provides an interface for in-place encryption of messages (see
      MS-KILE section This interface also permits additional data to be included
         in the checksum generated to protect integrity. Such a facility is called authenticated
            encryption with additional data (AEAD). The SSPI works at the GSS-API layer, rather than
               the raw Kerberos layer.

                  This project proposes to extend the raw Kerberos cryptographic API (krb5_c_*) in order
                     to make it possible to implement these SSPI facilities in an extension to the GSS-API.
                        The ultimate consumer of these applications is typically DCE-style RPC, although the
                           facilities could be used by other applications.

More information about the krbdev mailing list