[23646] in Kerberos

home help back first fref pref prev next nref lref last post

Re: GSSAPI AES Support?

daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Tue Apr 5 13:50:34 2005

From: Jeffrey Altman <jaltman2@nyc.rr.com>
Message-ID: <OTz4e.41142$qn2.9729111@twister.nyc.rr.com>
Date: Tue, 05 Apr 2005 17:27:10 GMT
To: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

MWChapel wrote:

> I don't see any AES support in 1.4 src either.
> 
> If so what are you using for your
> GSS_KRB5_CONF_C_QOP_AES128
> GSS_KRB5_CONF_C_QOP_AES256
> GSS_KRB5_INTEG_C_QOP_HMAC_SHA1_96_AES128
> GSS_KRB5_INTEG_C_QOP_HMAC_SHA1_96_AES256
> 
> As I see none in the source. If you will support AES in 1.4 GSSAPI,
> what rfc are you using to define those values. I would REALLY like to
> see this soon as an extension.
> 
> Michael Chapel
> Java Kerberos/JGSS Development
> IBM/Tivoli Java Security 
> Austin Texas

Michael:

GSSAPI AES is implemented using "The Kerberos Version 5 GSS-API
Mechanism: Version 2" which is approved and sitting in the RFC Editor's
queue awaiting publication.

http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-gssapi-cfx-07.txt

When this version is used, QOP values are ignored.  Therefore, there
are no QOP constants defined for AES128 or AES256 as AES can only be
used with GSS Krb5 Version 2.

Jeffrey Altman



________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post