svn commit: samba r21903 - in branches/SAMBA_3_0/source/libsmb:
.
Jeremy Allison
jra at samba.org
Tue Mar 27 00:50:00 GMT 2007
On Tue, Mar 27, 2007 at 09:37:40AM +1000, Luke Howard wrote:
>
> >I'm with Andrew here. Something smells funny about this from a
> >security perspective. I need to think about this more post-
> >coffee. :-)
>
> OK, I spoke to Jeremy... it sounds like his approach might be
> the simplest way to allow for rekeying and protecting the
> negotiation of encryption.
>
> I think I still would have a preference for a single negotiation
> of GSS context (until you need to rekey, at which point I would
> adopt the current approach). You could use CIFS signing to
> protect the negotiation of encryption.
I can see your point, I did consider adding the ability to stash
the gss context handles at sessionsetup time, but this does make
for much more complex code - and complex code is more likely to
screw up security-wise (IMHO). I prefered to make all keying go
through the same mechanism to make things simpler.
Jeremy.
More information about the samba-technical
mailing list