Emotionally I think that I would say take them from the krb-wg registry so that they are not used there in the future which might lead to problems.
Logically, I don't think it matters. Jim > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Sam Hartman > Sent: Wednesday, October 05, 2011 10:19 AM > To: Luke Howard > Cc: [email protected] > Subject: Re: [abfab] Review of draft-ietf-abfab-gss-eap-02 > > >>>>> "Luke" == Luke Howard <[email protected]> writes: > > >> I'd prefer an RFC 3961 getmic directly using the CRK and a new > >> key usage. > > Luke> Sounds good -- and simple to implement. If we do this for > Luke> channel bindings too then we can allow the acceptor to ignore > Luke> them without disturbing the sequence state. That avoids the > Luke> overhead of sending a wrap token which we currently do. Can > Luke> you propose some key usage numbers? > > Do we want our own key usage registry or do we want to use krb-wg's? If > krb-wg's then I need to ask Tom Yu right now. If we want our own we can > add a registry in gss-eap. > > Using krb-wg's makes it very sure there won't be any attacks that result. > However it's probably fine for us to use our own if we guarantee that our key > usages will only be used with keys that we get from a GMSK rather than say > from a KDC. > _______________________________________________ > abfab mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/abfab _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
