Hi, Andrew, Thanks for your comments and the diagram attached. The security product group will review the content of the diagram to see whether we can incorporate it into the document.
Before we can use the diagram, we would like to confirm that Mr. Astrand is covered by the PFIF WSPP agreement that gives Microsoft a broad license to use and distribute any comments or suggestions to improve the WSPP documentation. This license is dependent on whether Mr. Astrand is a member of PFIF/Samba. We also need to know if the he is expecting attribution for the work. We appreciate your efforts to help us improve protocol documentation. Thanks ---------------------------------------------------------- Hongwei Sun - Support Escalation Engineer DSC Protocol Team, Microsoft [EMAIL PROTECTED] Tel: 469-7757027 x 57027 ----------------------------------------------------------- -----Original Message----- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Monday, August 04, 2008 7:13 PM To: Hongwei Sun Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [cifs-protocol] Clarify AEAD behaviour for GSSAPI with AES On Thu, 2008-07-31 at 14:36 -0700, Hongwei Sun wrote: > Andrew, > > > > The encryption function in Kerberos is described in details in 5.3 > [RFC3961] (http://www.ietf.org/rfc/rfc3961.txt), which is referenced > by [MS-KILE]. > > > > I can summarize as follows > > > > · "conf" is actually a random confounder prefix of length > c ,such as 16. > > · "pad" is for shortest padding to bring confounder and > plaintext to a length that is the multiple of message block size m, > which is octet(8) for AES encryption, as specified in section 6 [RFC > 3962] (http://www.ietf.org/rfc/rfc3962.txt) > > · Ke is an encryption key and Ki is a checksum key. > > · Plain text is the input confidential data before encryption. > > · The GSSWrapEX() is exactly the same as the GSSWrap except > that it supports ordered list of input buffers. Input buffers for > which conf_req_flag == TRUE are encrypted and returned. Buffers which > sign == TRUE are included in the signature. > > · We use the Kerberos standard’s encryption and signatures. > It is very important to concatenate the correct buffers to make it > work. Indeed - and that is why I am asking for this to be much more clearly specified. I find digrams much more useful - see the attached work by Love Hörnquist Åstrand <[EMAIL PROTECTED]>. Can you please expand MS-KILE with this information? Thanks, -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
_______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol