supportedKDFs in AuthPack not defined in RFC4556

Li, Jiajia jiajia.li at intel.com
Fri Dec 25 01:45:37 EST 2015


Hi Ben,
Thanks for pointing it out. It really helps me.

Jiajia

-----Original Message-----
From: Benjamin Kaduk [mailto:kaduk at MIT.EDU] 
Sent: Friday, December 25, 2015 2:38 PM
To: Li, Jiajia
Cc: krbdev at mit.edu
Subject: Re: supportedKDFs in AuthPack not defined in RFC4556

On Fri, 25 Dec 2015, Li, Jiajia wrote:

> Hi all,
>
> In the MIT source code, k5-int-pkinit.h:
> /** AuthPack from RFC 4556*/
> typedef struct _krb5_auth_pack {
>     krb5_pk_authenticator       pkAuthenticator;
>     krb5_subject_pk_info        *clientPublicValue; /* Optional */
>     krb5_algorithm_identifier   **supportedCMSTypes; /* Optional */
>     krb5_data                   clientDHNonce; /* Optional */
>     krb5_data                   **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
> } krb5_auth_pack;
>
> It looks like the MIT implementation is not in sync with RFC4556. Does anybody know why?

See https://tools.ietf.org/html/draft-ietf-krb-wg-pkinit-alg-agility-07 .

-Ben


