export list symbols
simon at sxw.org.uk
Tue Oct 20 13:39:53 EDT 2009
> Think of TELNET and AFS, which, I know are not exactly good examples
> here (in large part because they pre-date RFC3961), but they are good
> examples of apps which, if they really had to avoid KRB-SAFE/PRIV or
> GSS-API (e.g., because of per-token/message overhead), then really
> should have used _a_ cryptographic protocol framework, of which
> is a reasonable example.
> IMO Kerberos implementors SHOULD export RFC3961 interfaces.
Just as a data point, the AFS community is currently considering a new
security layer, rxgk, which makes use of RFC3961 for all of its bulk
crypto needs. The more 3961 implementations available to choose
between, the better!
More information about the krbdev