Stefan, Thanks for the feedback. Please see the inline comments.
>The diagram and text look good, maybe add a notice that >- right rotation by (EC+RRC) count - doesn't match the rfc, which says > right rotation just by RRC count I will discuss your suggestion with the documentation team. >But please check with Larry if that behavior will stay for the non-dce-style >case in future versions, there were some discussions about making the >EC+RRC "feature" dce-style specific in future versions of windows. I confirmed with the product team that there is no change planed in future releases in terms of EC+RRC handling logic. The existing behavior will stay. Thanks ---------------------------------------------------------- Hongwei Sun - Sr. Support Escalation Engineer DSC Protocol Team, Microsoft hongw...@microsoft.com Tel: 469-7757027 x 57027 ----------------------------------------------------------- -----Original Message----- From: Stefan (metze) Metzmacher [mailto:me...@samba.org] Sent: Thursday, January 08, 2009 1:29 AM To: Hongwei Sun Cc: Andrew Bartlett; p...@tridgell.net; cifs-proto...@samba.org Subject: Re: [Pfif] [cifs-protocol] Clarify AEAD behaviour for GSSAPIwith AES Hi Hongwei, > I just want to check to see if you have any more feedback about the latest > update of diagram and text. If you don't have any more questions, I will > close the case regarding Gss_WrapEx with AES128-CTS-HMAC-SHA1-96 in MS-KILE. The diagram and text look good, maybe add a notice that - right rotation by (EC+RRC) count - doesn't match the rfc, which says right rotation just by RRC count But please check with Larry if that behavior will stay for the non-dce-style case in future versions, there were some discussions about making the EC+RRC "feature" dce-style specific in future versions of windows. metze > ---------------------------------------------------------- > Hongwei Sun - Sr. Support Escalation Engineer DSC Protocol Team, > Microsoft hongw...@microsoft.com > Tel: 469-7757027 x 57027 > ----------------------------------------------------------- > > > > > > -----Original Message----- > From: Hongwei Sun > Sent: Tuesday, December 30, 2008 10:26 AM > To: 'Stefan (metze) Metzmacher' > Cc: Andrew Bartlett; p...@tridgell.net; cifs-proto...@samba.org > Subject: RE: [Pfif] [cifs-protocol] Clarify AEAD behaviour for > GSSAPIwith AES > > Stefan, > > We have updated the example for GSS_WrapEx with AES128-CTS-HMAC-SHA1-96 in > MS-KILE as per your suggestion. I attached the updated section 4.3 of > MS-KILE for your review. Please also see the inline comment. > > We really appreciate your help for improving our Open Protocol > Documentation. > > >> -----Original Message----- >> From: Stefan (metze) Metzmacher [mailto:me...@samba.org] >> Sent: Sunday, October 19, 2008 10:03 AM >> To: Hongwei Sun >> Cc: Andrew Bartlett; p...@tridgell.net; cifs-proto...@samba.org >> Subject: Re: [Pfif] [cifs-protocol] Clarify AEAD behaviour for >> GSSAPIwith AES > >> Hi Hongwei, > >>> We finished adding an example for GSS_WrapEx with >>> AES128-CTS-HMAC-SHA1-96 in [MS-KILE]. The attached PDF document is >>> the newly added section(4.3) of the [MS-KILE] document. >>> >>> We really appreciate your suggestion. Please let us know if you have >>> further questions regarding this subject. > >> It would be nice if this example would use ec != 0, as that was >> exactly not match RFC 4121 and the reason our (heimdal) krb5 code was >> not able to handle network traffix from windows. > > We explicitly documented in the latest update that "right rotation by > (EC+RRC) count" should be performed. > >> You should unify the naming of the resulting overhead, in the >> diagramm you use 'checksum' and in the test you use 'signature', maybe >> 'token' >> would be the better word here, as 'checksum' is a non unique in the diagramm. > > We fixed the inconsistency between text and diagram. > >> An example with arcfour-hmac-md5 would also be very useful, as there >> the pseudo ASN.1 wrapping arround the token is very tricky. >> As it's only arround the 'token' instead of 'token' + 'message' + >> 'padding' as it is for the standard GSS_Wrap function. > >> Also it would be nice to have a specific example how the RPC layer >> calls GSS_WrapEx. > >> It would also be very helpfull to know how the mapping to the SSPI >> function parameters works. > > I already responded to you regarding these questions in a separate mail on > 11/24/08. > >> metze > > > > Thanks > > ---------------------------------------------------------- > Hongwei Sun - Sr. Support Escalation Engineer DSC Protocol Team, > Microsoft hongw...@microsoft.com > Tel: 469-7757027 x 57027 > ----------------------------------------------------------- _______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol