Note with GSS EAP we don't need to negotiate the hash function inside our mechanism because it falls out of the enctype, and that in turn from the mech OID, so GSS negotiates for us. Assuming you only want to use the mandatory checksum type, of course.
Von meinem iPhone gesendet Am 01/04/2011 um 1:50 schrieb Nico Williams <[email protected]>: > On Thu, Mar 31, 2011 at 9:34 AM, Alejandro Perez Mendez <[email protected]> wrote: >> Maybe this is just a stupid question, but do they really need to maintain >> state of the entire conversation? I mean, both parties could just maintain >> the result of a hash over the conversation so far, built in an iterative >> way. Something like this: >> >> state' = hash (state, new_message) >> >> At the end of the conversation, they could compute GSS_mic over the state. >> >> May be the overload of computing such hashes is worse than the memory needed >> to store the entire state. > > That's what TLS does. It's clever, and it works, but you get into > hash agility issues. If you need to negotiate a hash function (and > you will), then you find yourself back at square #1 because at least > for the first N messages, where N >=1 (but probably N == 1) you don't > know what the hash algorithm will be. Either you use all your hash > functions (whoops! slow!) or you hold the message(s) in memory > (expensive). > > The good news is that most new phones and such devices have enough > memory for this (and then some). > > Nico > -- > _______________________________________________ > abfab mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/abfab _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
