Below, Luke made a proposal for updating to using RFC 3961 checksums
rather than RFC 4121 tokens.  The main effect is that channel bindings
data is smaller and that we avoid some potential sequencing issues if we
ever want to permit people to send messages before a context is fully
established.

I'd like to know if we have sufficient support to make this change.
If we do make this change we'll use key usage numbers allocated by Tom
Yu (not yet managed by IANA) rather than the ones listed below.

--sam



--- Begin Message ---
So, I propose that we replace the existing GSS channel binding and extension 
wrap/MIC tokens (respectively) with RFC 3961 checksums using the CRK with the 
following key usage numbers:

KEY_USAGE_CHANNEL_BINDINGS_MIC      TBD
KEY_USAGE_ACCEPTOR_TOKEN_MIC        TBD
KEY_USAGE_INITIATOR_TOKEN_MIC       TBD

A nice property of this is that we can efficiently deal with large GSS channel 
bindings (because we are sending a checksum rather than a wrap token; recall, 
we previously sent a wrap token so that the acceptor could ignore channel 
bindings without disturbing its sequence state).

Comments?

-- Luke
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab


--- End Message ---
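
The property described in the forwarded message, as an added example that is not from either author or from the ABFAB drafts: a keyed checksum over the channel bindings stays the same size however large the bindings are, needs no sequence state, and a MIC made under one key usage does not verify under another. Assumptions: the checksum follows the hmac-sha256-128-aes128 profile of RFC 8009 (picked because it needs only HMAC), the key usage values are placeholders for the TBD numbers, and the CRK and channel bindings are constructed sample data.

```python
import hashlib
import hmac
import struct

# Placeholder key usage numbers: the message lists them as TBD, so these
# values are constructed for the example and are not real allocations.
KEY_USAGE_CHANNEL_BINDINGS_MIC = 0x7F000001
KEY_USAGE_ACCEPTOR_TOKEN_MIC = 0x7F000002
KEY_USAGE_INITIATOR_TOKEN_MIC = 0x7F000003

MIC_LEN = 16  # HMAC-SHA-256 output truncated to 128 bits


def derive_kc(base_key: bytes, usage: int) -> bytes:
    """Checksum key: KDF-HMAC-SHA2(base-key, usage | 0x99, 128)."""
    label = struct.pack(">I", usage) + b"\x99"
    data = b"\x00\x00\x00\x01" + label + b"\x00" + struct.pack(">I", 128)
    return hmac.new(base_key, data, hashlib.sha256).digest()[:16]


def get_mic(crk: bytes, usage: int, message: bytes) -> bytes:
    """Keyed checksum of message under the usage-specific key Kc."""
    kc = derive_kc(crk, usage)
    return hmac.new(kc, message, hashlib.sha256).digest()[:MIC_LEN]


def verify_mic(crk: bytes, usage: int, message: bytes, mic: bytes) -> bool:
    """Constant-time comparison; no per-context sequence number is read
    or advanced, so an acceptor can skip this check without side effects."""
    return hmac.compare_digest(get_mic(crk, usage, message), mic)


# Constructed sample inputs (not real key material or real bindings).
CRK = bytes(range(16))
SMALL_CB = b"constructed-small-bindings"
LARGE_CB = b"constructed-large-bindings" + bytes(64 * 1024)

if __name__ == "__main__":
    for name, cb in (("small", SMALL_CB), ("large", LARGE_CB)):
        mic = get_mic(CRK, KEY_USAGE_CHANNEL_BINDINGS_MIC, cb)
        print(f"{name}: bindings={len(cb)} bytes, mic={len(mic)} bytes")
    mic = get_mic(CRK, KEY_USAGE_CHANNEL_BINDINGS_MIC, LARGE_CB)
    print("same usage verifies:",
          verify_mic(CRK, KEY_USAGE_CHANNEL_BINDINGS_MIC, LARGE_CB, mic))
    print("other usage verifies:",
          verify_mic(CRK, KEY_USAGE_ACCEPTOR_TOKEN_MIC, LARGE_CB, mic))
```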