[SAMBA4][PATCH] Fix up AES sign/seal on DCE/RPC
Andrew Bartlett
abartlet at samba.org
Sun Sep 11 08:32:22 GMT 2005
On Sun, 2005-09-11 at 08:54 +1000, Andrew Bartlett wrote:
> On Sat, 2005-09-10 at 18:38 -0400, Ken Raeburn wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Sep 10, 2005, at 02:09, Andrew Bartlett wrote:
> > > Sadly it is a mistake that DCE/RPC forces on us: While I presume you
> > > could simply expand the data portion for the full wrapped data,
> > > Microsoft chose to place the signature in the traditional place,
> > > separate from the main data. We have to be compatible with that.
> > [...]
> > > As such, I'm in a no-win situation, and took the least ugly way
> > > out :-)
> >
> > Pragmatically, yes, it sounds like you're stuck implementing
> > something along these lines. But I think it would be a bit less ugly
> > if the naming made it clear that it's a DCE/RPC thing, not a general
> > GSSAPI thing. DCE/RPC isn't GSSAPI. Likewise for gss_wrap_ex, if it
> > separates the signature, though I could certainly see AEAD being a
> > useful GSSAPI addition (and wish we'd had time to properly consider
> > it for RFC 3961 -- Kerberos cryptosystems -- as well).
>
> Any suggestions as to the name? While the particular need here is for
> DCE/RPC, I imagine it is not the only framing that is painful in this
> respect...

Given all this discussion, I'll probably rename it to
gsskrb5_wrap_size(), as that's all it's valid for.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net