RFC 6542 adopted by MIT krb5?
Wang Weijun
weijun.wang at oracle.com
Thu Oct 15 04:00:27 EDT 2015
We (Java team at Oracle) are going through weak algorithms in all our code and noticed our krb5 GSS-API mech is using MD5 in channel binding. I noticed RFC 6542 already updated it. Does MIT krb5 support it?
src/lib/gssapi/krb5/util_cksum.c has
/* Checksumming the channel bindings always uses plain MD5. */
krb5_error_code
kg_checksum_channel_bindings(context, cb, cksum)
Is that comment still precise? I tried to search for RFC 6542 site:mit.edu and also found nothing.
Thanks
Max
More information about the krbdev
mailing list