SASL always returns ssf=56 for GSSAPI

Hai Zaar haizaar at
Thu Sep 21 18:53:42 EDT 2006

On 9/22/06, Nicolas Williams <Nicolas.Williams at> wrote:
> BTW, the whole concept of absolute security strength factors is broken.
> After all, the relative strengths of ciphers, hashes, MACs, asymmetric
> cryptographic algorithms (RSA, DH, etc...) and cryptographic protocols
> built on them are variable over time.  And some constructions can be
> much stronger than the individual components used to build them.
> IMO the right way to design an API for expressing and enforcing policy
> relating to the strength of cryptographic systems used, and in the face
> of pluggable frameworks, is to provide for rules-based profiles that
> applications and libraries refer to by name, and which mechanisms simply
> evaluate.
> Then administrators can write profiles that express the policies that
> they want.
This is a very interesting point.
You should probably point this out on the SASL IETF mailing list:

More information about the Cyrus-sasl mailing list
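
The named-profile idea from the quoted message, as an added example that is not part of the original thread and is not Cyrus SASL code: a mechanism evaluates an administrator-written profile against what it actually negotiated, next to a single-integer check fed the fixed ssf=56 from the subject line. All struct, function, profile and algorithm names here are hypothetical, constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor of what a mechanism actually negotiated. */
struct layer { const char *cipher; const char *mac; };  /* NULL = none */

/* A named profile: allow-lists written by the administrator. */
struct profile {
    const char *name; int need_confidentiality;
    const char *const *ciphers;   /* NULL-terminated allow-list */
    const char *const *macs;      /* NULL-terminated allow-list */
};

/* Constructed algorithm labels, profiles and sample layers. */
static const char *const ok_ciphers[] = { "aes256-cts", "aes128-cts", NULL };
static const char *const ok_macs[]    = { "hmac-sha1-96", NULL };
static const struct profile profiles[] = {
    { "site-strong",    1, ok_ciphers, ok_macs },
    { "integrity-only", 0, ok_ciphers, ok_macs },
};
const struct layer sample_aes  = { "aes256-cts", "hmac-sha1-96" };
const struct layer sample_des  = { "des-cbc",    "hmac-sha1-96" };
const struct layer sample_sign = { NULL,         "hmac-sha1-96" };

static int in_list(const char *const *list, const char *alg) {
    for (; alg != NULL && *list != NULL; list++)
        if (strcmp(*list, alg) == 0) return 1;
    return 0;
}

/* The mechanism evaluates the profile by name; unknown names fail closed. */
int profile_permits(const char *name, const struct layer *l) {
    for (size_t i = 0; i < sizeof profiles / sizeof profiles[0]; i++) {
        const struct profile *p = &profiles[i];
        if (strcmp(p->name, name) != 0) continue;
        if (!in_list(p->macs, l->mac)) return 0;        /* integrity always required */
        if (l->cipher == NULL) return !p->need_confidentiality;
        return in_list(p->ciphers, l->cipher);
    }
    return 0;
}

/* The single-integer policy check that a profile would replace. */
int ssf_permits(unsigned min_ssf, unsigned reported) { return reported >= min_ssf; }

int main(void) {
    printf("min_ssf=112, reported 56: %d\n", ssf_permits(112, 56));
    printf("site-strong, AES layer:   %d\n", profile_permits("site-strong", &sample_aes));
    return 0;
}
```

With a fixed reported value of 56, the integer check cannot tell the AES layer from the DES one; the profile check decides on the negotiated algorithms themselves.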