[17148] in Kerberos_V5_Development
Re: NSS for PKINIT, in-progress patches available, feedback sought
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Sep 8 14:56:53 2011
From: Sam Hartman <hartmans@mit.edu>
To: Greg Hudson <ghudson@mit.edu>
Date: Thu, 08 Sep 2011 14:56:46 -0400
In-Reply-To: <1315505801.718.47.camel@t410> (Greg Hudson's message of "Thu, 08
Sep 2011 14:16:41 -0400")
Message-ID: <tsl4o0m2781.fsf@mit.edu>
MIME-Version: 1.0
Cc: mrw@painless-security.com, Nalin Dahyabhai <nalin@redhat.com>,
"krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Painless Security is working on pkinit algorithm agility patches. Our
statement of work only includes openssl support and assumes that the new
KDF will be provided by each crypto implementation. My assumption is
that our patches will land on trunk first. You should plan on
implementing the pkinit algorithm agility KDF for NSS.

If the NSS patches are going to land first, then MIT will need to figure
out what to do, as refactoring so that more of pkinit can be generic or
making support for the new KDF optional are both out of scope for our
current work.

We should have patches available for review shortly.