[AFS3-std] rxgk and the RFC 4402 PRF+ function
Michael Meffie
mmeffie@sinenomine.net
Tue, 25 Feb 2014 15:34:29 -0500
> > Can you suggest the correct wording?
>
> My current proposal is to apply this patch (a4d36684 on my github):
> epoch || cid || start_time || key_number))
> </artwork>
> </figure>
> + <t>[[The PRF+ function defined in RFC 4402 specifies that the values
> + of the counter 'n' should begin at 1, for T1, T2, ... Tn.
> + However, implementations of that PRF+ function for the
> + gss_pseudo_random() implementation for the krb5 mechanism have
> + disregarded that specification and started the counter 'n' from 0.
> + Since there is no interoperability concern between krb5
> + gss_pseudo_random() and rxgk key derivation, implementations of
> + the RFC 4402 PRF+ function for rxgk key derivation should use the
> + RFC 4402 version as specified, that is, with the counter 'n' beginning
> + at 1.]]</t>
> <t>L is the key generation seed length as specified in the RFC3961
> profile.</t>
> <t>epoch, cid and key_number are passed as 32 bit quantities; start_time
Thanks Ben,
This looks fine to me, and hearing no objections, I think we should take this
without another last call.
Thanks,
Mike
--
Michael Meffie <mmeffie@sinenomine.net>