[cryptography] IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM)

Nico Williams nico at cryptonector.com
Tue Jun 21 10:40:35 EDT 2011


On Jun 21, 2011 8:16 AM, "Peter Gutmann" <pgut001 at cs.auckland.ac.nz> wrote:
>
> Nico Williams <nico at cryptonector.com> writes:
>
> >Not so!  Please point to some evidence if you wish to insist on this.
>
> GSS-API is pretty Kerberos-y.  It may not have it directly baked in, but
you
> really have to squint at it pretty funny to go beyond Kerberos.  I know
you
> can pretend it's not a meant-for-Kerberos API, but that doesn't change the
> fact that that's effectively what it is.

No, Kerberos was pretty much the only mechanism available for much too
long.  That may be why you identify GSS with Kerberos.

Moreover the GSS-API now has extensions for dealing with complex attributes
like SAML's, and though originally inspired by MSFT's PAC, they evolved to
be usable with SAML.

Nico
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20110621/ef30dfdd/attachment.html>


More information about the cryptography mailing list