[openssl-users] [openssl-dev] Replacing RFC2712 (was Re: Kerberos)

Jakob Bohm jb-openssl at wisemo.com
Fri May 15 11:50:03 UTC 2015

On 13/05/2015 21:37, Jeffrey Altman wrote:
> On 5/13/2015 3:17 PM, Nico Williams wrote:
>> Kerberos in particular supports PROT_READY.  There is no Kerberos IV GSS
>> mechanism, FYI.  I'd never heard of GSS-SRP-6a; do you have a reference?
> Nico,
> Look for draft-burdis-cat-srp-sasl.  It was never standardized but I
> believe there is an implementation in Cyrus/SASL.  This is the most
> recent version I could find
>   http://www.opensource.apple.com/source/passwordserver_sasl/passwordserver_sasl-159/cyrus_sasl/doc/draft-burdis-cat-srp-sasl-xx.txt
> Jeffrey Altman
No, I was referring to the (apparently never defined,
though I thought it was) use of RFC2945 (SRP 3) as a
GSS mechanism, with the additional bug fixes in SRP-6
(RFC5054) and SRP-6a (no RFC).  Here I am referring
to the SRP mechanism enhancements in RFC5054, not the
TLS binding also in RFC5054.

Because SRP-3 and SRP-6 is (from the outside) a kind
of authenticated DH exchange, neither end will be
ready to calculate MIC values until the primary
exchange messages have been completed (this does not
include any additional key confirmation messages that
might be folded into the channel binding legs).

This differs from Kerberos, where each end knows the
MIC key before sending its first GSS token.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150515/fa327afe/attachment-0001.html>

More information about the openssl-users mailing list