>>>>> "Alejandro" == Alejandro Perez Mendez <[email protected]> writes:
>> The acceptor verifies the initiator MIC and then, in its last
>> leg, calls GSS_GetMIC on the entire conversation (including both
>> last legs, excepting the acceptor MIC) and sends it in an
>> extension token to the initiator. The initiator verifies the
>> acceptor MIC before returning GSS_S_COMPLETE. (It is true that
>> this approach does require the client and server to maintain the
>> entire conversation state.)
Alejandro> Maybe this is just a stupid question, but do they really
Alejandro> need to maintain state of the entire conversation? I
Alejandro> mean, both parties could just maintain the result of a
Alejandro> hash over the conversation so far, built in an iterative
Alejandro> way. Something like this:
This is not a stupid question.
This is what I was trying to explain with my option 2 above.
The downside is you must decide on/negotiate a particular cryptographic
hash.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
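
The running-hash idea discussed in this thread, sketched as an added example; it is not part of the original messages and not code from any GSS-API or ABFAB implementation. Assumptions: SHA-256 is the hash both peers agreed on, HMAC-SHA-256 stands in for GSS_GetMIC/GSS_VerifyMIC, tokens are framed with a 4-byte length prefix, and all class and function names are hypothetical.

```python
import hashlib
import hmac

HASH_NAME = "sha256"  # assumption: the hash both peers decided on or negotiated


class RunningTranscript:
    """Holds a fixed-size running hash instead of the entire conversation."""

    def __init__(self, hash_name=HASH_NAME):
        self._h = hashlib.new(hash_name)

    def add_token(self, token: bytes) -> None:
        # Length-prefix every token so token boundaries are covered too:
        # (b"ab", b"c") and (b"a", b"bc") must not produce the same digest.
        self._h.update(len(token).to_bytes(4, "big"))
        self._h.update(token)

    def digest(self) -> bytes:
        # copy() allows reading the digest while the conversation continues.
        return self._h.copy().digest()


def get_mic(context_key: bytes, message: bytes) -> bytes:
    """Stand-in for GSS_GetMIC (assumption: HMAC keyed with the context key)."""
    return hmac.new(context_key, message, hashlib.sha256).digest()


def verify_mic(context_key: bytes, message: bytes, mic: bytes) -> bool:
    """Stand-in for GSS_VerifyMIC, using a constant-time comparison."""
    return hmac.compare_digest(get_mic(context_key, message), mic)


def acceptor_mic_verifies(initiator_view, acceptor_view, context_key) -> bool:
    """Each peer hashes the tokens it saw (acceptor MIC excluded); the
    acceptor MICs its digest and the initiator checks it against its own."""
    initiator, acceptor = RunningTranscript(), RunningTranscript()
    for tok in initiator_view:
        initiator.add_token(tok)
    for tok in acceptor_view:
        acceptor.add_token(tok)
    acceptor_mic = get_mic(context_key, acceptor.digest())
    return verify_mic(context_key, initiator.digest(), acceptor_mic)


if __name__ == "__main__":
    key = b"constructed-context-key"             # constructed sample value
    legs = [b"init-leg-1", b"acc-leg-1", b"init-leg-2"]  # constructed tokens
    print(acceptor_mic_verifies(legs, legs, key))        # identical views
    print(acceptor_mic_verifies(legs, legs[:1] + [b"altered"] + legs[2:], key))
```

Each peer stores only the hash state, whose size does not grow with the number of legs, and the MIC fails to verify as soon as the two views of the conversation differ in content or in token boundaries.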