[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: RE: [Pfif] [cifs-protocol] Clarify AEAD behaviour for GSSAPIwith AES
From: Hongwei Sun <hongweis () microsoft ! com>
Date: 2008-12-30 16:25:57
Message-ID: B8A3C6EE027AF84086DD3A049CF34A4A2FB55B2BEA () NA-EXMSG-C112 ! redmond ! corp ! microsoft ! com
[Download RAW message or body]
Stefan,
We have updated the example for GSS_WrapEx with AES128-CTS-HMAC-SHA1-96 in MS-KILE \
as per your suggestion. I attached the updated section 4.3 of MS-KILE for your \
review. Please also see the inline comment.
We really appreciate your help for improving our Open Protocol Documentation.
> -----Original Message-----
> From: Stefan (metze) Metzmacher [mailto:metze@samba.org]
> Sent: Sunday, October 19, 2008 10:03 AM
> To: Hongwei Sun
> Cc: Andrew Bartlett; pfif@tridgell.net; cifs-protocol@samba.org
> Subject: Re: [Pfif] [cifs-protocol] Clarify AEAD behaviour for GSSAPIwith AES
> Hi Hongwei,
> > We finished adding an example for GSS_WrapEx with
> > AES128-CTS-HMAC-SHA1-96 in [MS-KILE]. The attached PDF document is the
> > newly added section(4.3) of the [MS-KILE] document.
> >
> > We really appreciate your suggestion. Please let us know if you have
> > further questions regarding this subject.
> It would be nice if this example would use ec != 0, as that was exactly
> not match RFC 4121 and the reason our (heimdal) krb5 code was not able to
> handle network traffix from windows.
We explicitly documented in the latest update that "right rotation by (EC+RRC) \
count" should be performed.
> You should unify the naming of the resulting overhead, in the diagramm
> you use 'checksum' and in the test you use 'signature', maybe 'token'
> would be the better word here, as 'checksum' is a non unique in the diagramm.
We fixed the inconsistency between text and diagram.
> An example with arcfour-hmac-md5 would also be very useful,
> as there the pseudo ASN.1 wrapping arround the token is very tricky.
> As it's only arround the 'token' instead of 'token' + 'message' +
> 'padding' as it is for the standard GSS_Wrap function.
> Also it would be nice to have a specific example how the RPC layer
> calls GSS_WrapEx.
> It would also be very helpfull to know how the mapping to the SSPI
> function parameters works.
I already responded to you regarding these questions in a separate mail on 11/24/08.
> metze
Thanks
----------------------------------------------------------
Hongwei Sun - Sr. Support Escalation Engineer
DSC Protocol Team, Microsoft
hongweis@microsoft.com
Tel: 469-7757027 x 57027
-----------------------------------------------------------
["MS-KILE-4.3.pdf" (application/pdf)]
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic