metze, I just want to check to see if you have any more feedback about the latest update of diagram and text. If you don't have any more questions, I will close the case regarding Gss_WrapEx with AES128-CTS-HMAC-SHA1-96 in MS-KILE.
Thanks ---------------------------------------------------------- Hongwei Sun - Sr. Support Escalation Engineer DSC Protocol Team, Microsoft hongw...@microsoft.com Tel: 469-7757027 x 57027 ----------------------------------------------------------- -----Original Message----- From: Hongwei Sun Sent: Tuesday, December 30, 2008 10:26 AM To: 'Stefan (metze) Metzmacher' Cc: Andrew Bartlett; p...@tridgell.net; cifs-proto...@samba.org Subject: RE: [Pfif] [cifs-protocol] Clarify AEAD behaviour for GSSAPIwith AES Stefan, We have updated the example for GSS_WrapEx with AES128-CTS-HMAC-SHA1-96 in MS-KILE as per your suggestion. I attached the updated section 4.3 of MS-KILE for your review. Please also see the inline comment. We really appreciate your help for improving our Open Protocol Documentation. >-----Original Message----- >From: Stefan (metze) Metzmacher [mailto:me...@samba.org] >Sent: Sunday, October 19, 2008 10:03 AM >To: Hongwei Sun >Cc: Andrew Bartlett; p...@tridgell.net; cifs-proto...@samba.org >Subject: Re: [Pfif] [cifs-protocol] Clarify AEAD behaviour for >GSSAPIwith AES >Hi Hongwei, >> We finished adding an example for GSS_WrapEx with >> AES128-CTS-HMAC-SHA1-96 in [MS-KILE]. The attached PDF document is >> the newly added section(4.3) of the [MS-KILE] document. >> >> We really appreciate your suggestion. Please let us know if you have >> further questions regarding this subject. >It would be nice if this example would use ec != 0, as that was exactly >not match RFC 4121 and the reason our (heimdal) krb5 code was not able >to handle network traffix from windows. We explicitly documented in the latest update that "right rotation by (EC+RRC) count" should be performed. >You should unify the naming of the resulting overhead, in the diagramm >you use 'checksum' and in the test you use 'signature', maybe 'token' >would be the better word here, as 'checksum' is a non unique in the diagramm. We fixed the inconsistency between text and diagram. >An example with arcfour-hmac-md5 would also be very useful, as there >the pseudo ASN.1 wrapping arround the token is very tricky. >As it's only arround the 'token' instead of 'token' + 'message' + >'padding' as it is for the standard GSS_Wrap function. >Also it would be nice to have a specific example how the RPC layer >calls GSS_WrapEx. >It would also be very helpfull to know how the mapping to the SSPI >function parameters works. I already responded to you regarding these questions in a separate mail on 11/24/08. >metze Thanks ---------------------------------------------------------- Hongwei Sun - Sr. Support Escalation Engineer DSC Protocol Team, Microsoft hongw...@microsoft.com Tel: 469-7757027 x 57027 ----------------------------------------------------------- _______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol