> I'd prefer an RFC 3961 getmic directly using the CRK and a new key
> usage.

Sounds good -- and simple to implement. If we do this for channel bindings too then we can allow the acceptor to ignore them without disturbing the sequence state. That avoids the overhead of sending a wrap token which we currently do.

Can you propose some key usage numbers?

> I thought there was some reason you didn't want to do that though. I
> thought I brought up using 3961 directly here.
> Reauth?

No, the reason was I was hoping that it might be possible to reuse existing RFC 4121 implementations (e.g. on Windows). But I realise now that both options are equally (im)practical.

-- Luke

_______________________________________________
abfab mailing list
https://www.ietf.org/mailman/listinfo/abfab
