SASL always returns ssf=56 for GSSAPI
Alexey Melnikov
alexey.melnikov at isode.com
Fri Sep 22 05:52:46 EDT 2006
Nicolas Williams wrote:
>BTW, the whole concept of absolute security strength factors is broken.
>
>After all, the relative strengths of ciphers, hashes, MACs, assymertic
>cryptographic algorithms (RSA, DH, etc...) and cryptographic protocols
>built on them are variable over time. And some constructions can be
>much stronger than the individual components used to build them.
>
>
Good point.
>IMO the right way to design an API for expressing and enforcing policy
>relating to the strength of cryptographic systems used, and in the face
>of pluggable frameworks, is to provide for rules-based profiles that
>applications and libraries refer to by name, and which mechanisms simply
>evaluate.
>
>Then administrators can write profiles that express the policies that
>they want.
>
>
This sounds fascinating, but extremely complex. Most administrators
wouldn't really care.
How would this look like?
More information about the Cyrus-sasl
mailing list