supportedKDFs in AuthPack not defined in RFC4556
Benjamin Kaduk
kaduk at MIT.EDU
Fri Dec 25 01:37:59 EST 2015
On Fri, 25 Dec 2015, Li, Jiajia wrote:
> Hi all,
>
> In mit source code k5-int-pkinit.h:
> /** AuthPack from RFC 4556*/
> typedef struct _krb5_auth_pack {
> krb5_pk_authenticator pkAuthenticator;
> krb5_subject_pk_info *clientPublicValue; /* Optional */
> krb5_algorithm_identifier **supportedCMSTypes; /* Optional */
> krb5_data clientDHNonce; /* Optional */
> krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
> } krb5_auth_pack;
>
> It looks like MIT implementation is not sync with the RFC4556. Anybody know why?
See https://tools.ietf.org/html/draft-ietf-krb-wg-pkinit-alg-agility-07 .
-Ben
More information about the krbdev
mailing list