[263] in Kerberos_V5_Development
Application identifiers on all ASN.1 types?
jtkohl@ATHENA.MIT.EDU (jtkohl@ATHENA.MIT.EDU)
Thu Aug 30 11:33:24 1990
I'm considering putting an [APPLICATION x] qualifier on all the
sequences defined in the KRB5-asn.py interface.
This will expand the encoding slightly for those types, BUT it will make
it absolutely unambiguous what part of a message a particular encoding
belongs to.
This will be a benefit for the encrypted portions, since upon decryption
the result will identify what sub-message it forms, and you won't be
able to put an encrypted KRB_PRIV message in the place of an
authenticator.
[Since we assume someone can't slice parts out of encrypted messages and
get worthwhile data, due to chaining effects, having them put
authenticator data in the KRB_PRIV data area isn't a problem.]
