>>>>> "Luke" == Luke Howard <[email protected]> writes:

    >> I'd prefer an RFC 3961 getmic directly using the CRK and a new
    >> key usage.

    Luke> Sounds good -- and simple to implement. If we do this for
    Luke> channel bindings too then we can allow the acceptor to ignore
    Luke> them without disturbing the sequence state. That avoids the
    Luke> overhead of sending a wrap token which we currently do. Can
    Luke> you propose some key usage numbers?

Do we want our own key usage registry or do we want to use krb-wg's?  If
krb-wg's then I need to ask Tom Yu right now.  If we want our own we can
add a registry in gss-eap.

Using krb-wg's makes it very sure there won't be any attacks that
result.  However it's probably fine for us to use our own if we
guarantee that our key usages will only be used with keys that we get
from a GMSK rather than, say, from a KDC.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
