We went back and forth on the usefulness and implementability of the conversation MIC in GSS EAP. Recall that it was difficult to have more than two of hash agility, minimum state and RFC 3961 compatibility. Even the key confirmation approach would have required changes to RFC 3961 and many existing Kerberos libraries (because there is no Update function).
Instead I propose (well, Sam proposes and I implemented) the following. On the initiator extension token leg (the last token from the initiator), a MIC is sent of the mechanism OID and the extension tokens, excluding the MIC token. The acceptor verifies it and generates a MIC of its extension token to send to the initiator. The initiator verifies this. This gives us protection of all extension tokens sent in the last round trip. -- Luke _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
