Re: [Jeffrey Hutzelman] Followup on KINK last call
At Wed, 14 Dec 2005 12:41:58 -0500,
Sam Hartman <hartmans-ietf@xxxxxxx> wrote:
>
>
> Some discussion related to the last call of draft-ietf-kink-kink-10.txt was
> copied to the Kerberos WG list, but I'm afraid part of it may have missed
> both the IETF and IESG lists. In particular...
>
> - This comment appears to have gone unaddressed in -11:
>
> > I did notice that section 4.2.7 KINK_ENCRYPT does not specify what key is
> > used, only that it "is encrypted using the encryption algorithm specified
> > by the etype of the session key"
Sorry for missing that in -11.
The proposed change quoted below also addressed this.
At Wed, 14 Dec 2005 20:00:45 +0900,
KAMADA Ken'ichi <kamada@xxxxxxxxxx> wrote:
>
> Section 4.2.7., para. 1:
> OLD:
>
> The KINK_ENCRYPT payload encapsulates other payloads and is encrypted
> using the encryption algorithm specified by the etype of the session
> key. This payload MUST be the final payload in the message. KINK
> encrypt payloads MUST be encrypted before the final KINK checksum is
> applied.
>
> NEW:
>
> The KINK_ENCRYPT payload encapsulates other KINK payloads and is
> encrypted using the session key and the algorithm specified by its
> etype. This payload MUST be the final one in the outer payload chain
> of the message. The KINK_ENCRYPT payload MUST be encrypted before
> the final KINK checksum is applied.
--
KAMADA Ken'ichi <kamada@xxxxxxxxxx>