This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
The Simple Public-Key GSS-API Mechanism
The Simple Public-Key GSS-API Mechanism

Version management

Difference between version and

At line 1 added 12 lines
!!! Overview
[{$pagename}] ([SPKM]) Although the [The Kerberos Version 5 GSS-API Mechanism] [KRB5] is becoming well-established in many environments, it is important in some applications to have a [Generic Security Service Application Program Interface]([GSSAPI]) mechanism which is based on a [Public Key], rather than a [Symmetric Key], infrastructure.
[{$pagename}] has been proposed to meet this need and to provide the following features:
* [{$pagename}] allows both unilateral and mutual authentication to be accomplished without the use of secure timestamps. This enables environments which do not have access to secure time to nevertheless have access to secure [authentication].
* [{$pagename}] uses Algorithm Identifiers to specify various algorithms to be used by the communicating peers. This allows maximum flexibility for a variety of environments, for future enhancements, and for alternative algorithms.
* [{$pagename}] allows the option of a true, asymmetric algorithm-based, [Digital Signature] in the gss_sign() and gss_seal() operations (now called gss_getMIC() and gss_wrap() in [RFC 4121]), rather than an [integrity] checksum based on a [MAC] computed with a symmetric algorithm (e.g., [DES]). For some environments, the availability of true [Digital Signatures] supporting [Non-Repudiation] is a necessity.
* [{$pagename}] data formats and procedures are designed to be as similar to those of the [Kerberos] mechanism as is practical. This is done for ease of implementation in those environments where [Kerberos] has already been implemented.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop