[32425] in Kerberos
Re: KRB5KRB_AP_ERR_MODIFIED: MIT Kerberos 1.8.1 & arcfour-hmac-md5
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Jun 4 12:45:36 2010
From: Greg Hudson <ghudson@mit.edu>
To: "Richard E. Silverman" <res@qoxp.net>
In-Reply-To: <m2k4qevk9n.fsf@darwin.oankali.net>
Date: Fri, 04 Jun 2010 12:45:30 -0400
Message-ID: <1275669930.2419.856.camel@ray>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Fri, 2010-06-04 at 12:24 -0400, Richard E. Silverman wrote:
> I tracked down the bug.

With apologies for being a pain in the butt, I'm not sure we understand
the situation well enough to safely make a change.

Providing zero-length input data is not the same as not providing any
input data. The change you suggested could have interoperability or
security ramifications if an application genuinely wants to checksum the
empty string in an authenticator.

Moreover, the mk_req_ext behavior you're proposing to change did not
change between 1.6 and current. The behavior of callers may have
changed, of course.