SASL always returns ssf=56 for GSSAPI

Hai Zaar haizaar at gmail.com
Thu Sep 21 18:53:42 EDT 2006


On 9/22/06, Nicolas Williams <Nicolas.Williams at sun.com> wrote:
> BTW, the whole concept of absolute security strength factors is broken.
>
> After all, the relative strengths of ciphers, hashes, MACs, assymertic
> cryptographic algorithms (RSA, DH, etc...) and cryptographic protocols
> built on them are variable over time.  And some constructions can be
> much stronger than the individual components used to build them.
>
> IMO the right way to design an API for expressing and enforcing policy
> relating to the strength of cryptographic systems used, and in the face
> of pluggable frameworks, is to provide for rules-based profiles that
> applications and libraries refer to by name, and which mechanisms simply
> evaluate.
>
> Then administrators can write profiles that express the policies that
> they want.
This is a very interesting point.
You probably should point this out at SASL ietf mailing list:
http://www.imc.org/ietf-sasl
-- 
Zaar


More information about the Cyrus-sasl mailing list