On Wed, 2 Jan 2013, Simon Wilkinson wrote:
On 2 Jan 2013, at 22:28, Benjamin Kaduk wrote:
In addition to the introduction of RXGK com_err codes, I also pushed a
couple of commits from Mike Meffie. The first one is a reordering the
discussion of auth-only, integrity protection, and encryption for
packet handling, so as to match up with the order that the security
levels are introduced in. There's also some clarification of how
packet handling works for RXGK_AUTH, along with explicit diagrams for
the get_mic input blob and the on-the-wire data. Thanks, Mike!
In f39602cbebebeb777f7e0fd1d4ac90ef4c3d3a6e Mike has "The
RXGK_CLIENT_MIC_PACKET key" and "The RXGK_SERVER_MIC_PACKET key". These
are not keys, they are key usage values, as noted in the original text.
Also, the second piece of artwork suggests that the MIC will be an exact
multiple of 4 bytes - I don't think we actually have any such guarantee
from the RFC3961 profiles, and the danger is that this suggests that the
payload will be word aligned within the packet.
Attempts at fixing in:
78dad2d Use less-deceptive art for AUTH
57b0a21 Fix typo
-Ben
_______________________________________________
AFS3-standardization mailing list
[email protected]
http://lists.openafs.org/mailman/listinfo/afs3-standardization
