RFC 6542 adopted by MIT krb5?

Wang Weijun weijun.wang at oracle.com
Thu Oct 15 04:00:27 EDT 2015

We (Java team at Oracle) are going through weak algorithms in all our code and noticed our krb5 GSS-API mech is using MD5 in channel binding. I noticed RFC 6542 already updated it. Does MIT krb5 support it?

src/lib/gssapi/krb5/util_cksum.c has

  /* Checksumming the channel bindings always uses plain MD5.  */
  kg_checksum_channel_bindings(context, cb, cksum)

Is that comment still precise? I tried to search for RFC 6542 site:mit.edu and also found nothing.


More information about the krbdev mailing list