IETF Logo Mail Archive

RE: Comments on draft-ietf-kitten-krb5-gssapi-prf-03.txt

Jeffrey Hutzelman <jhutz@cmu.edu> Mon, 23 May 2005 22:20 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DaLHY-00062Z-3j; Mon, 23 May 2005 18:20:20 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DaLHV-00062R-Ni for kitten@megatron.ietf.org; Mon, 23 May 2005 18:20:17 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA04594 for <kitten@ietf.org>; Mon, 23 May 2005 18:20:15 -0400 (EDT)
Received: from minbar.fac.cs.cmu.edu ([128.2.185.161]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DaLZW-0005xH-Kn for kitten@ietf.org; Mon, 23 May 2005 18:38:57 -0400
Received: from SIRIUS.FAC.CS.CMU.EDU ([128.2.209.170]) by minbar.fac.cs.cmu.edu id aa11401; 23 May 2005 18:20 EDT
Date: Mon, 23 May 2005 18:20:04 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: "Blumenthal, Uri" <uri.blumenthal@intel.com>, Nicolas Williams <Nicolas.Williams@sun.com>
Message-ID: <A0C4D039AEBAE0D167FB2FBF@sirius.fac.cs.cmu.edu>
In-Reply-To: <3DEC199BD7489643817ECA151F7C5929012EB5EC@pysmsx401.amr.corp.intel.com>
References: <3DEC199BD7489643817ECA151F7C5929012EB5EC@pysmsx401.amr.corp.int el.com>
Originator-Info: login-token=Mulberry:01yQS6MzNsL6cVTzK0/ILqomB28V5QODM2eeiY/4Q=; token_authority=postmaster@andrew.cmu.edu
X-Mailer: Mulberry/3.1.6 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22
Content-Transfer-Encoding: 7bit
Cc: kitten@ietf.org, Ken Raeburn <raeburn@MIT.EDU>
Subject: RE: Comments on draft-ietf-kitten-krb5-gssapi-prf-03.txt
X-BeenThere: kitten@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/kitten>
List-Post: <mailto:kitten@lists.ietf.org>
List-Help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
Sender: kitten-bounces@lists.ietf.org
Errors-To: kitten-bounces@lists.ietf.org


On Monday, May 23, 2005 06:11:56 PM -0400 "Blumenthal, Uri" 
<uri.blumenthal@intel.com> wrote:

> Darn... You start giving advices, and now they demand the actual text
> from you! Next you know they'll ask for an implementation! :-)
>
> How about:
>
> Pseudorandom functions by their nature are capable of producing only
> limited amount of cryptographically secure output. The exact amount of
> output that one can safely use, unfortunately varies from one PRF to
> another (which prevents us from recommending specific numbers). Because
> of this, we recommend that unless you really know what you are doing
> (i.e. you are a cryptographer and are qualified to pass judgement on
> cryptographic functions in areas of period, presence of short cycles,
> etc) - you limit the amount of the PRF output to the necessary minimum.

This is pretty good.


s/limited amount/limited amounts/
s/ - /, /
and maybe "limit the amount of PRF output used" ?


-- Jeff

_______________________________________________
Kitten mailing list
Kitten@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten

v2.23.0 | Report a Bug | By Email