IETF-SSH archive
Re: gss userauth
It is desirable, I think, to avoid increasing the requirements that
gss userauth places on gssapi mechanisms. I think having the same
requirements as key exchange is very much a good thing.
I also think that making it as much like pubkey userauth as possible
in terms of what data it signs would probably be a good thing,
although pubkey probably signs more random data fields than there is
any actual need to sign. I think the crucial key is that the session
ID gets signed, and it is probably a good idea to include some other
random data so that session key signatures used for different purposes
sign different data.
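
An added illustration of the point made in the message above, not part of the original post or of any draft: the signed data starts with the session ID and carries purpose-specific fields, so a signature made for one session or one purpose does not verify for another. The field order is modelled on the data that pubkey userauth signs; HMAC-SHA256 stands in for the mechanism's signature, and the purpose label "gssapi-userauth", the key and the session IDs are constructed assumptions.

```python
import hashlib
import hmac
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number used by SSH userauth requests


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' encoding: uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def signed_blob(session_id: bytes, user: str, service: str, purpose: str) -> bytes:
    """Data to be signed: session ID first, then purpose-specific fields."""
    return (
        ssh_string(session_id)
        + bytes([SSH_MSG_USERAUTH_REQUEST])
        + ssh_string(user.encode())
        + ssh_string(service.encode())
        + ssh_string(purpose.encode())  # hypothetical label separating uses
    )


def make_mic(context_key: bytes, blob: bytes) -> bytes:
    """Stand-in for the mechanism's signature (assumption: HMAC-SHA256)."""
    return hmac.new(context_key, blob, hashlib.sha256).digest()


def verify_mic(context_key, session_id, user, service, purpose, mic) -> bool:
    """Verifier rebuilds the blob from its own session state and compares."""
    expected = make_mic(context_key, signed_blob(session_id, user, service, purpose))
    return hmac.compare_digest(expected, mic)


def demo() -> dict:
    key = b"constructed-context-key"                 # constructed sample key
    sid_a = hashlib.sha256(b"exchange A").digest()   # constructed session IDs
    sid_b = hashlib.sha256(b"exchange B").digest()
    args = ("alice", "ssh-connection")
    mic = make_mic(key, signed_blob(sid_a, *args, "gssapi-userauth"))
    return {
        "same_session": verify_mic(key, sid_a, *args, "gssapi-userauth", mic),
        "other_session": verify_mic(key, sid_b, *args, "gssapi-userauth", mic),
        "other_purpose": verify_mic(key, sid_a, *args, "publickey", mic),
    }


if __name__ == "__main__":
    print(demo())
```
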