[1036] in Kerberos_V5_Development
Proposed 3-DES Krb V5 gssapi extensions
daemon@ATHENA.MIT.EDU (Richard Basch)
Thu Mar 28 11:39:39 1996
Date: Thu, 28 Mar 1996 11:38:24 -0500
To: krbdev@MIT.EDU
From: "Richard Basch" <basch@lehman.com>
From the GSS_Wrap text (*'d entries are what I propose)
0..1 TOK_ID 02 01
2..3 SGN_ALG 00 00 des-mac-md5
01 00 md2.5
02 00 des-mac
*03 00 des3-cbc-md5
4..5 SEAL_ALG ff ff none
00 00 des
*01 00 des3-cbc
6..7 Filler
8..15 SND_SEQ Encrypted sequence number
Now, I propose the following:
16..* SGN_CKSUM checksum, calculated according to SGN_ALG
(length also depends on SGN_ALG)
* Data
des3-cbc-md5 is computed by doing the same md5 calculation as
des-mac-md5 and then doing a des3-cbc operation on the digest, yielding
a 16 byte result. Also, GSS_GetMIC needs a little altering to match,
but the above shows the worst case.
Comments?
Richard Basch
Sr. Developer/Analyst URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
