[39279] in Kerberos
Re: RFC 4121 & acceptor subkey use in MIC token generation
daemon@ATHENA.MIT.EDU (Nico Williams)
Thu Oct 26 14:34:46 2023
Date: Thu, 26 Oct 2023 13:33:27 -0500
From: Nico Williams <nico@cryptonector.com>
To: Ken Hornstein <kenneth.hornstein.ctr@nrl.navy.mil>
Cc: kerberos@mit.edu
Message-ID: <ZTqw9+Etcwo8SqR4@ubby21>
In-Reply-To: <202310261827.39QIRu4Q000307@hedwig.cmf.nrl.navy.mil>

On Thu, Oct 26, 2023 at 02:27:56PM -0400, Ken Hornstein wrote:
> Ever hear the political adage, "If you're explaining yourself, you're
> losing"? The same adage applies when talking to security people,
> especially the non-technical ones. The common gss-keyex code out there
> calls the OpenSSL MD5 function at runtime, and some of the distributions
> that do ship the gss-keyex code (RedHat) decided to simply disable
> gss-keyex code when FIPS is turned on. So yes, you CAN hardcode the
> OID->name mappings, but it seems that nobody actually does that.

We accept PRs.