Re: CIFS and the krb5 PRF

To: Matt Peterson <mpeterson at vintela.com>
Subject: Re: CIFS and the krb5 PRF
From: Sam Hartman <hartmans-ietf at mit.edu>
Date: Sun, 26 Jun 2005 19:35:51 -0400
Cc: kitten at ietf.org
In-reply-to: <200504211232.20480.mpeterson@vintela.com> (Matt Peterson's message of "Thu, 21 Apr 2005 12:32:20 -0600")
List-archive: <http://www1.ietf.org/pipermail/kitten>
List-help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-post: <mailto:kitten@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
References: <1113608643.7488.274.camel@amy.samba4.abartlet.net> <42607B3A.3010806@columbia.edu> <42608663.2060506@sun.com> <200504211232.20480.mpeterson@vintela.com>
Sender: kitten-bounces at lists.ietf.org
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)

>>>>> "Matt" == Matt Peterson <mpeterson at vintela.com> writes:

    Matt> Hi,
    >> > Jeffrey Altman wrote: > I have started a discussion with you
    >> on the krbdev at mit.edu mailing > list. Let's take this
    >> discussion there. I am sure that we can work > with you to get
    >> the functionality you need into a future release > without
    >> muddying the GSS standards track.

    Matt> So can someone explain why this is a krbdev at mit.edu
    Matt> discussion and not something suited to the kitten list?  I
    Matt> don't think it is mudding the waters at all.  It seems to me
    Matt> like a legitmate request for generic API functionality.

I think the argument is that it is outside the kitten charter.

Speaking as an individual, I don't want to see kitten become a forum
for Microsoft interoperability.  I'd rather see the GSSAPI be a well
designed security API, not one forced to support all the mistakes
Microsoft made.  We'll be busy enough supporting the mistakes we make.

That said, I believe we may actually want an API for extracting the
key or at least something that maps on the EAP MSK and EMSK.

    Matt> I agree with Nico's post...

    >> On Friday 15 April 2005 22:01, Nicolas Williams wrote: [snip]
    >> *That* function cannot be standardized, but *a* function like
    >> it that did not use the 'krb5_keyblock' type *could* be made a
    >> standard mechanism-specific GSS-API extension.
    >> 
    >> And why not?  SPNEGO has mechanism-specific extensions too...
    >> 
    >> I'd have the function output an INTEGER corresponding to the
    >> key's enctype and an OCTET STRING corresponding to the key's
    >> value.  The C-bindings of that would be straightforward.

    Matt> I think that GSS-API needs to respond to the types of
    Matt> request being made by the Samba team for a usable API.  Why
    Matt> can't we talk about standardizing a function instead of
    Matt> shuffling the discussion off to an implementation specific
    Matt> mailing list?

    Matt> -- Matt

    Matt> _______________________________________________ Kitten
    Matt> mailing list Kitten at lists.ietf.org
    Matt> https://www1.ietf.org/mailman/listinfo/kitten


_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten

Follow-Ups:
- Re: CIFS and the krb5 PRF
  - From: Andrew Bartlett

References:
- CIFS and the krb5 PRF
  - From: Andrew Bartlett
- Re: CIFS and the krb5 PRF
  - From: Jeffrey Altman
- Re: CIFS and the krb5 PRF
  - From: Wyllys Ingersoll
- Re: CIFS and the krb5 PRF
  - From: Matt Peterson

Prev by Date: Re: Proposed PRF changes to address Ken's comments
Next by Date: Re: CIFS and the krb5 PRF
Previous by thread: Re: CIFS and the krb5 PRF
Next by thread: Re: CIFS and the krb5 PRF
Index(es):
- Date
- Thread

Re: CIFS and the krb5 PRF

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.