Re: [kitten] GSS-only enctypes

Benjamin Kaduk <kaduk@MIT.EDU> Wed, 01 April 2015 20:05 UTC

Date: Wed, 01 Apr 2015 16:04:58 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Nico Williams <nico@cryptonector.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/rqXjKlVEJPZlfnDyN_EeI91WAbU>
Cc: "kitten@ietf.org" <kitten@ietf.org>

On Tue, 31 Mar 2015, Nico Williams wrote:

> I think the consensus at the meeting was that we could indeed reuse
> the Kerberos enctype number space for GSS-only enctypes, since there
> is some precedent for this.  It would be significantly easier, from an
> implementation perspective, to do just that.

I'm not sure that we got enough active input at the meeting on this
question to be able to declare consensus.  Regardless, we should ask the
list if there are objections to (or support for) using the Kerberos
enctype number space for enctypes with restricted usability (i.e., only
for subsession keys, or GSS, etc.).

-Ben