[16058] in Kerberos_V5_Development

Re: Info regarding MIT 1.8 Crypto modularity feature.

daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Mon Aug 16 10:25:55 2010

Message-ID: <4C694A6A.5080409@secure-endpoints.com>
Date: Mon, 16 Aug 2010 10:25:46 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
To: krbdev@mit.edu
In-Reply-To: <FF453823-0F08-46A7-8DB8-85D835FC1085@mit.edu>
Reply-To: jaltman@secure-endpoints.com

On 8/16/2010 9:48 AM, Zhanna Tsitkova wrote:
> The selection of the crypto backend happens during the configure/build
> time.
> For example, to use openssl cryptography one needs to configure MIT
> Kerberos with option --with-crypto-impl=openssl. If this option is
> omitted, the default crypto, i.e. builtin, will be used.
> Only one crypto implementation per Kerberos crypto library is
> supported. This means that client/server does not have an option to
> specify the type of the desired crypto implementation during run-time.
> That said, it would be interesting to learn about the use case when
> one needs to have an option to switch between crypto implementations
> at run-time.
> Thanks,
> Zhanna


The most common use cases would be:

 * FIPS 140-2 vs non-FIPS modes.  In general non-FIPS will be faster
   but for some situations a FIPS mode is required.

 * Shipping a binary that can support hardware and non-hardware
   implemented encryption.

 * End user performance testing.


Jeffrey Altman