tech-net: Re: Changes (fixes!) to racoon GSS API authentication

Subject: Re: Changes (fixes!) to racoon GSS API authentication
To: None <thorpej@shagadelic.org>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-net
Date: 11/07/2004 22:27:46

> Hi folks...
> 
> I've been exchanging mail with a Microsoft developer recently about 
> racoon's GSS-API auth code, and how it doesn't interoperate with 
> Windows IKE.
> 
> There were really a few problems:
> 
> - If the GSS ID was specified in racoon.conf, the NUL at the end of the 
> C-string would erroneously be put onto the wire.
> 
> - While the GSS-API-for-IKE draft specifies "Unicode" (for Windows 
> compatibility), this was unfortunately a little too vague.  Currently, 

	will you comment on it to authors of the offending internet draft?
	from the current situation, using UTF16-LE (just like MS) might be an
	mistake.  the document is vague so we don't know what is the right
	thing to do.

itojun