On 1/10/2025 5:02 AM, Herbert Xu wrote:
So does your use-case support both standard AEAD algorithms such as GCM as well as these legacy algorithms?
RXGK is described by https://datatracker.ietf.org/doc/draft-wilkinson-afs3-rxgk/.
Any RFC3961 ("Encryption and Checksum Specifications for Kerberos 5") framework encryption algorithm can be used with it.
There have been proposals to add AEAD encryption types to RFC3961. For example, Luke Howard proposed
https://datatracker.ietf.org/doc/draft-howard-krb-aead/The Security Considerations section describes the reasons that MIT's Kerberos team is reluctant to add AEAD algorithms to RFC3961. The primary one being that AEAD algorithms are not safe for all of the existing RFC3961 use cases and there is no means of ensuring that AEAD encryption types would not be misused.
Requests for the addition of AEAD to RFC3961 have come from both the NFSv4 community and those implementing RXGK. Alas, there has been no forward progress since the publication of Luke's draft.
Jeffrey Altman
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
