On 13/05/2015 21:37, Jeffrey Altman wrote:
On 5/13/2015 3:17 PM, Nico Williams wrote:
Kerberos in particular supports PROT_READY. There is no Kerberos IV GSS
mechanism, FYI. I'd never heard of GSS-SRP-6a; do you have a reference?
Nico,
Look for draft-burdis-cat-srp-sasl. It was never standardized but I
believe there is an implementation in Cyrus/SASL. This is the most
recent version I could find
http://www.opensource.apple.com/source/passwordserver_sasl/passwordserver_sasl-159/cyrus_sasl/doc/draft-burdis-cat-srp-sasl-xx.txt
Jeffrey Altman
No, I was referring to the (apparently never defined,
though I thought it was) use of RFC2945 (SRP 3) as a
GSS mechanism, with the additional bug fixes in SRP-6
(RFC5054) and SRP-6a (no RFC). Here I am referring
to the SRP mechanism enhancements in RFC5054, not the
TLS binding also in RFC5054.
Because SRP-3 and SRP-6 is (from the outside) a kind
of authenticated DH exchange, neither end will be
ready to calculate MIC values until the primary
exchange messages have been completed (this does not
include any additional key confirmation messages that
might be folded into the channel binding legs).
This differs from Kerberos, where each end knows the
MIC key before sending its first GSS token.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
