>Yeah; IIRC that was to allow cases where the initiator would send the first >context token in the same packet/message with early data, such as a MIC >binding the exchange to some channel. In retrospect, perhaps it has caused >more trouble than it was worth. We didn't use this in RFC 4462 userauth, >which doesn't use mutual anyway.
As a side note, my impression is that gss-keyex has fallen out of favor, and at least for us part of the problem is the unfortunate decision to use MD5 in that protocol. You and I both know that the use of MD5 in there isn't security related, but if you live in a FIPS world then any use of MD5 is a "challenge". --Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos