Good morning again Andrew. As I noted in my other email, I will provide 
unencrypted network packet contents as soon as I can (I will keep you advised 
on this).

Meanwhile, I have spent considerable time handchecking the source code in 
various versions of Windows Server (2000 - 2008), in order to profile trust 
management. In the general case, the same functions are used, but I have not 
yet collected the version dependant detail differences.

I would again like to thank you for your patience; I expect to have a progress 
update for you next week.

Regards,
Bill Wesse
MCSE, MCTS / Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606


-----Original Message-----
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 21, 2008 6:17 PM
To: Bill Wesse
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: List of interfaces used by Trusted domains (SRX081021600181)

On Tue, 2008-10-21 at 09:47 -0700, Bill Wesse wrote:
> Good morning Andrew. Bill Wesse here again. I have just taken
> ownership of this case (SRX081021600181), and have already begun work.
>
> Please note that the attached document ([SCENARIO_DOMAIN_TRUST].pdf)
> contains some of the information you are looking for (for external
> trusts only, at this point).
>
> I am currently setting up a virtual machine to house FreeBSD and MIT
> Kerberos in order to detail the network traffic involved with trust
> manipulation, and will keep you advised of my progress.

Thankyou very much.

One note I would make about the packet dumps, which form the majority of this 
document is that while the cleartext headers are specified in incredible 
detail, they provide little information.  At the same time, the actually useful 
parts are still encrypted.

Perhaps these could be reversed, with the headers excluded (if an implementer 
can't understand the headers, they should look at the right RPC doc) but the 
payload in the clear.  This would save space, paper and provide more useful 
information.

Thanks,

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol

Reply via email to