[1228] in Kerberos_V5_Development
Re: mk_safe vs. mk_priv
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu May 23 13:16:02 1996
To: "Richard Basch" <basch@lehman.com>
Cc: krbdev@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 23 May 1996 13:15:14 -0400
In-Reply-To: "Richard Basch"'s message of Thu, 23 May 1996 00:00:13 -0400
>>>>> ""Richard" == "Richard Basch" <basch@lehman.com> writes:
"Richard> Also, what we are trying
"Richard> to avoid is rarely done; very seldom is the same key
"Richard> used by two different applications (or even the same
"Richard> application) to simply sign data and to encrypt data.
With the notable exception of the host key which is used by
too many applications in the Kerberos distribution already, and which
third-party applications may use. Fortunately, besides GSSAPI, no one
tends to just sign data.
However, we should deal with applications like ftp that have both a clear and safe mode. I realize GSSAPI does not use the mk_safe or mk_priv code, but does it use the session key both for signing and for encryption?