On Sun, 2005-09-11 at 08:54 +1000, Andrew Bartlett wrote:
> On Sat, 2005-09-10 at 18:38 -0400, Ken Raeburn wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Sep 10, 2005, at 02:09, Andrew Bartlett wrote:
> > > Sadly it is a mistake that DCE/RPC forces on us: While I presume you
> > > could simply expand the data portion for the full wrapped data,
> > > Microsoft chose to place the signature in the traditional place,
> > > separate from the main data. We have to be compatible with that.
> > [...]
> > > As such, I'm in a no-win situation, and took the least ugly way
> > > out :-)
> >
> > Pragmatically, yes, it sounds like you're stuck implementing
> > something along these lines. But I think it would be a bit less ugly
> > if the naming made it clear that it's a DCE/RPC thing, not a general
> > GSSAPI thing. DCE/RPC isn't GSSAPI. Likewise for gss_wrap_ex, if it
> > separates the signature, though I could certainly see AEAD being a
> > useful GSSAPI addition (and wish we'd had time to properly consider
> > it for RFC 3961 -- Kerberos cryptosystems -- as well).
>
> Any suggestions as to the name? While the particular need here is for
> DCE/RPC, I imagine it is not the only framing that is painful in this
> respect...

Given all this discussion, I'll probably rename it to
gsskrb5_wrap_size(), as that's all it's valid for.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net