SASL always returns ssf=56 for GSSAPI
alexey.melnikov at isode.com
Fri Sep 22 05:52:46 EDT 2006
Nicolas Williams wrote:
>BTW, the whole concept of absolute security strength factors is broken.
>After all, the relative strengths of ciphers, hashes, MACs, assymertic
>cryptographic algorithms (RSA, DH, etc...) and cryptographic protocols
>built on them are variable over time. And some constructions can be
>much stronger than the individual components used to build them.
>IMO the right way to design an API for expressing and enforcing policy
>relating to the strength of cryptographic systems used, and in the face
>of pluggable frameworks, is to provide for rules-based profiles that
>applications and libraries refer to by name, and which mechanisms simply
>Then administrators can write profiles that express the policies that
This sounds fascinating, but extremely complex. Most administrators
wouldn't really care.
How would this look like?
More information about the Cyrus-sasl