Session key extraction
Krishna Ganugapati
krishnag at likewisesoftware.com
Tue Dec 23 10:06:50 EST 2008
This is for interop with Windows protocols.
________________________________
From: Nicolas Williams [mailto:Nicolas.Williams at sun.com]
Sent: Mon 12/22/2008 9:27 PM
To: Krishna Ganugapati
Cc: Luke Howard; Sam Hartman; krbdev at mit.edu; Rahul Srinivas
Subject: Re: Session key extraction
On Mon, Dec 22, 2008 at 07:25:43PM -0500, Krishna Ganugapati wrote:
> We totally need this in our current shipping product. We'd like to
> remove our extra gss_inquire_context2 and use the standard distro
> one. Please kindly keep this feature.
If it's a for a proprietary protocol then I strongly urge you to apply
some key derivation function to the session key, preferably the krb5
mechanism's GSS_Pseudo_random(). If it's for interop with Windows
protocols, understood.
Nico
--
More information about the krbdev
mailing list