Serialization framework future
Nico Williams
nico at cryptonector.com
Thu May 31 10:41:29 EDT 2012
On Thu, May 31, 2012 at 7:37 AM, Sam Hartman <hartmans at mit.edu> wrote:
> I agree with nico that the serialization format for credentials should
> be the krb-cred we just standardized in the IETF.
Note that KRB-CRED's KrbCredInfo doesn't include authorization-data.
Is that important? I think it could be! Couldn't we add that to
KrbCredInfo? The obvious answer is that we can't just modify KRB-CRED
as senders would have to negotiate recipient support for that. But we
could have additional fields in KrbCredInfo for serialization
purposes.
I'd still rather use KRB-CRED.
Nico
--
More information about the krbdev
mailing list