On Fri, Mar 30, 2007 at 11:09:17AM +0200, Stefan (metze) Metzmacher wrote: > So I think it would be much better to use the vuid as enc-ctx, > but check for each call to a specific tid that the call was encrypted > or not. And maybe also allow plain requests with the vuid, or force the > client to create a new vuid for plain traffic.
Full ack from here. Key generation is a per-session setup thing, so the encryption context should be the same. The fact that we have contexts broken in Samba3 should not influence the design ;-) Volker
pgpKkNk0hWEkj.pgp
Description: PGP signature