[openssl-dev] Replacing RFC2712 (was Re: Kerberos)

On 13/05/2015 21:37, Jeffrey Altman wrote:
> On 5/13/2015 3:17 PM, Nico Williams wrote:
>> Kerberos in particular supports PROT_READY.  There is no Kerberos IV GSS
>> mechanism, FYI.  I'd never heard of GSS-SRP-6a; do you have a reference?
> Nico,
>
> Look for draft-burdis-cat-srp-sasl.  It was never standardized but I
> believe there is an implementation in Cyrus/SASL.  This is the most
> recent version I could find
>
>   http://www.opensource.apple.com/source/passwordserver_sasl/passwordserver_sasl-159/cyrus_sasl/doc/draft-burdis-cat-srp-sasl-xx.txt
>
> Jeffrey Altman
No, I was referring to the (apparently never defined,
though I thought it was) use of RFC2945 (SRP 3) as a
GSS mechanism, with the additional bug fixes in SRP-6
(RFC5054) and SRP-6a (no RFC).  Here I am referring
to the SRP mechanism enhancements in RFC5054, not the
TLS binding also in RFC5054.

Because SRP-3 and SRP-6 are (from the outside) a kind
of authenticated DH exchange, neither end will be
ready to calculate MIC values until the primary
exchange messages have been completed (this does not
include any additional key confirmation messages that
might be folded into the channel binding legs).

This differs from Kerberos, where each end knows the
MIC key before sending its first GSS token.


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
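
Added example, not part of the message above: a sketch of an SRP-6a exchange that records when each end first holds a MIC key. Neither end has one when it sends its first token, and each gets one only once it holds both A and B. Assumptions: the legs run username, salt, A, B; the group is a constructed toy; SHA-256 and HMAC-SHA-256 stand in for the hash and the MIC; all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

N, g = 2**127 - 1, 3  # constructed toy group (prime modulus); real use needs RFC5054 groups

def H(*parts):  # SHA-256 as an integer; simplified, no RFC5054 padding
    data = b"|".join(p if isinstance(p, bytes) else str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")
k = H(N, g)  # SRP-6a multiplier

class Party:
    mic_key = None  # stays None until this end holds both A and B
    def mic(self, msg):
        if self.mic_key is None:
            raise RuntimeError("no MIC key yet: A/B exchange not complete")
        return hmac.new(self.mic_key, msg, hashlib.sha256).digest()
    def _finish(self, S):
        self.mic_key = hashlib.sha256(str(S).encode()).digest()

class Client(Party):
    def __init__(self, user, password):
        self.user, self.password = user, password
        self.a = secrets.randbelow(N - 2) + 1
        self.A = pow(g, self.a, N)
    def receive_B(self, salt, B):
        if B % N == 0:
            raise ValueError("illegal B")
        x, u = H(salt, self.user, self.password), H(self.A, B)
        self._finish(pow((B - k * pow(g, x, N)) % N, self.a + u * x, N))

class Server(Party):
    def __init__(self, salt, verifier):
        self.salt, self.v = salt, verifier
        self.b = secrets.randbelow(N - 2) + 1
        self.B = (k * verifier + pow(g, self.b, N)) % N
    def receive_A(self, A):
        if A % N == 0:
            raise ValueError("illegal A")
        self._finish(pow(A * pow(self.v, H(A, self.B), N) % N, self.b, N))

def run_exchange(user="alice", password="constructed-password"):
    salt = secrets.token_bytes(16)
    c = Client(user, password)
    s = Server(salt, pow(g, H(salt, user, password), N))  # verifier v = g^x
    ready = [(c.mic_key is not None, s.mic_key is not None)]  # after username, salt
    s.receive_A(c.A)
    ready.append((c.mic_key is not None, s.mic_key is not None))  # after A
    c.receive_B(s.salt, s.B)
    ready.append((c.mic_key is not None, s.mic_key is not None))  # after B
    return c, s, ready
```

Each tuple in `ready` is (client has key, server has key) after the named leg.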
