Review of AEAD Encryption API Project; concluding December 5, 2008
Love Hörnquist Åstrand
lha at kth.se
Mon Nov 24 14:43:39 EST 2008
I find this very un-important since what matters is the gss-api
interface.
Also, changing the API have reprocusions for Heimdal that have the
same API (in abstract).
Love
24 nov 2008 kl. 20:28 skrev Sam Hartman:
> Folks, I'm calling for a review of
> http://k5wiki.kerberos.org/wiki/Projects/
> AEAD_encryption_API .
>
> The Microsoft SSPI provides an interface for in-place encryption
> of messages (see
> MS-KILE section 3.4.5.4ff). This interface also permits
> additional data to be included
> in the checksum generated to protect integrity. Such a
> facility is called authenticated
> encryption with additional data (AEAD). The SSPI works at
> the GSS-API layer, rather than
> the raw Kerberos layer.
>
> This project proposes to extend the raw Kerberos
> cryptographic API (krb5_c_*) in order
> to make it possible to implement these SSPI
> facilities in an extension to the GSS-API.
> The ultimate consumer of these applications
> is typically DCE-style RPC, although the
> facilities could be used by other
> applications.
>
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
More information about the krbdev
mailing list