Review of AEAD Encryption API Project; concluding December 5, 2008

Sam Hartman hartmans at MIT.EDU
Mon Nov 24 15:39:15 EST 2008

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:

    Nicolas> On Mon, Nov 24, 2008 at 11:43:39AM -0800, Love
    Nicolas> Hörnquist Åstrand wrote:
    >> I find this very un-important since what matters is the gss-api
    >> interface.

    Nicolas> I agree that we should start with a GSS-API extension
    Nicolas> design.  Since this is for DCE-style stuff, why not start
    Nicolas> with a set of requirements for that first, then the
    Nicolas> GSS-API extensions, finally the krb5 API extensions?

Because we're doing design after implementation.  Or rather we're
writing up a proposed design after implementation; obviously that can
change based on feedback.

Luke Howard has been writing code on the mskrb-integ branch; Luke and I have been workingthrough some of the issues.

I think we're reasonably certain that this API will work for GSS-API.
This project came forward first because it was ready first; you can
take a look at the GSSAPI project, but it's not really documented
enough to bring forward for review.

More information about the krbdev mailing list