supportedKDFs in AuthPack not defined in RFC4556

Li, Jiajia
Hi all,

In the MIT source code, k5-int-pkinit.h:
/** AuthPack from RFC 4556*/
typedef struct _krb5_auth_pack {
    krb5_pk_authenticator       pkAuthenticator;
    krb5_subject_pk_info        *clientPublicValue; /* Optional */
    krb5_algorithm_identifier   **supportedCMSTypes; /* Optional */
    krb5_data                   clientDHNonce; /* Optional */
    krb5_data                   **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
} krb5_auth_pack;

It looks like the MIT implementation is not in sync with RFC4556. Does anybody know why?

Thanks
Jiajia
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev

Re: supportedKDFs in AuthPack not defined in RFC4556

Benjamin Kaduk-2
On Fri, 25 Dec 2015, Li, Jiajia wrote:

> Hi all,
>
> In the MIT source code, k5-int-pkinit.h:
> /** AuthPack from RFC 4556*/
> typedef struct _krb5_auth_pack {
>     krb5_pk_authenticator       pkAuthenticator;
>     krb5_subject_pk_info        *clientPublicValue; /* Optional */
>     krb5_algorithm_identifier   **supportedCMSTypes; /* Optional */
>     krb5_data                   clientDHNonce; /* Optional */
>     krb5_data                   **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
> } krb5_auth_pack;
>
> It looks like the MIT implementation is not in sync with RFC4556. Does anybody know why?

See https://tools.ietf.org/html/draft-ietf-krb-wg-pkinit-alg-agility-07 .

-Ben

RE: supportedKDFs in AuthPack not defined in RFC4556

Li, Jiajia
Hi Ben,
Thanks for pointing it out. It really helps me.

Jiajia

-----Original Message-----
From: Benjamin Kaduk [mailto:[hidden email]]
Sent: Friday, December 25, 2015 2:38 PM
To: Li, Jiajia
Cc: [hidden email]
Subject: Re: supportedKDFs in AuthPack not defined in RFC4556

On Fri, 25 Dec 2015, Li, Jiajia wrote:

> Hi all,
>
> In the MIT source code, k5-int-pkinit.h:
> /** AuthPack from RFC 4556*/
> typedef struct _krb5_auth_pack {
>     krb5_pk_authenticator       pkAuthenticator;
>     krb5_subject_pk_info        *clientPublicValue; /* Optional */
>     krb5_algorithm_identifier   **supportedCMSTypes; /* Optional */
>     krb5_data                   clientDHNonce; /* Optional */
>     krb5_data                   **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
> } krb5_auth_pack;
>
> It looks like the MIT implementation is not in sync with RFC4556. Does anybody know why?

See https://tools.ietf.org/html/draft-ietf-krb-wg-pkinit-alg-agility-07 .

-Ben
