Hi all, I am confuzzled about the usefulness of the QOP concept in GSS-API.
RFC 2743 states that using a non-default QOP is a mechanism-specific, non-portable construct. RFC 4121 says that applications using a different QOP than the default are not guaranteed portability and interoperability. It also says that encryption and checksum algorithms in per-message tokens are implicitly defined by the algorithms associated with the session key or subkey, and that using a different algorithm than the one for which the key is defined may not be appropriate.

This gives me the impression that using non-default QOPs is discouraged and that the whole Quality of Protection concept is somewhat obsolete. Is that so? Do you know of a use case (real-life or hypothetical) for a non-default QOP with the Kerberos GSS-API mechanism? Does any other GSS-API mechanism make use of non-default QOPs?

Thanks,
Tomas
