Date: Thu, 28 Feb 91 16:56:35 -0500
From: John T Kohl <jtkohl@MIT.EDU>
0. next meeting is next Thursday, 7 Mar 1991, at 3pm in E40-316.
1. status reports:
    jtkohl: worked on replay cache stuff for safe/priv msgs
        used mprof to clean up various memory leaks
        played with ISODE to fix some leaks & other problems.
    tytso: finished up API conversion to standardize on the return style.
        working on kdb_util dump/load (salt changes)
        thinking about realm "quality" stuff
    jfc: still studying GSS interface, & considering user2user code
    jis: has been playing with SPX
        will be at meeting about GSS
2. GSS API stuff: will be a meeting next Tuesday with DEC folks about
solidifying the GSS API code. we're all invited.
3. build space is tight again; we can probably squeeze more out of
4. All files should eventually be converted to have the phrase "All
Rights Reserved" right after the Copyright line, and if you edit the file,
be sure that 1991 appears as one of the years in the copyright notice.
Also please remove all #include's of <krb5/copyright.h>.
5. alpha/beta testing issues. we're not getting much in the way of
useful feedback from testers, so we won't add any more to those we
have now. We are about ready for a general distribution beta-test.
We're waiting for:
    completion of principal salting stuff
    completion of subsession key stuff
    ISODE 6.8 test/update
6. discussion of subsession keys, key mixing, etc. Opinion boils down
to: mixing keys is sufficiently non-portable among encryption types
that we probably shouldn't provide an interface at the kerberos level.
For applications that care to use separate subsession keys for one/both
directions, the client side can have the mk_req_* routine select and
return one such key; the server can ask the mk_rep routine to select one
7. other random distribution questions:
    we should do some sort of code/protocol auditing, to increase
      our confidence in the system. discussion of where to draw the lines for
      things considered security-critical (read-side routines, KDC, encryption
      layers, maybe others?)
    discussion of beta-test rewards for those finding security bugs
      in the library.
    Jeff will talk to DEC about the export issues with SPX and what
      they've done w.r.t. distributions
    Jeff will keep eyes/ears out for any "standardization" of
    John K. will find a way to get DER out of ISODE 6.8.
    John C. will produce a user2user draft interface spec and
      circulate it for review.