Discussion:
supportedKDFs in AuthPack not defined in RFC4556
Li, Jiajia
2015-12-25 06:30:46 UTC
Hi all,

In the MIT source code, k5-int-pkinit.h:
/** AuthPack from RFC 4556*/
typedef struct _krb5_auth_pack {
    krb5_pk_authenticator pkAuthenticator;
    krb5_subject_pk_info *clientPublicValue; /* Optional */
    krb5_algorithm_identifier **supportedCMSTypes; /* Optional */
    krb5_data clientDHNonce; /* Optional */
    krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
} krb5_auth_pack;

It looks like the MIT implementation is not in sync with RFC 4556. Does anybody know why?

Thanks
Jiajia
_______________________________________________
krbdev mailing list ***@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
Benjamin Kaduk
2015-12-25 06:37:59 UTC
Post by Li, Jiajia
> Hi all,
> /** AuthPack from RFC 4556*/
> typedef struct _krb5_auth_pack {
>     krb5_pk_authenticator pkAuthenticator;
>     krb5_subject_pk_info *clientPublicValue; /* Optional */
>     krb5_algorithm_identifier **supportedCMSTypes; /* Optional */
>     krb5_data clientDHNonce; /* Optional */
>     krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
> } krb5_auth_pack;
> It looks like MIT implementation is not sync with the RFC4556. Anybody know why?

See https://tools.ietf.org/html/draft-ietf-krb-wg-pkinit-alg-agility-07 .

-Ben
Li, Jiajia
2015-12-25 06:45:37 UTC
Hi Ben,
Thanks for pointing it out. It really helps me.

Jiajia