Re: [RFC PATCH 2/8] crypto/krb5: Provide Kerberos 5 crypto through AEAD API

[Jeffrey E Altman]

On 1/10/2025 5:02 AM, Herbert Xu wrote:
> So does your use-case support both standard AEAD algorithms such
> as GCM as well as these legacy algorithms?

RXGK is described by 
https://datatracker.ietf.org/doc/draft-wilkinson-afs3-rxgk/.

Any RFC3961 ("Encryption and Checksum Specifications for Kerberos 5") 
framework encryption algorithm can be used with it.

There have been proposals to add AEAD encryption types to RFC3961. For 
example, Luke Howard proposed

https://datatracker.ietf.org/doc/draft-howard-krb-aead/

The Security Considerations section describes the reasons that MIT's 
Kerberos team is reluctant to add AEAD algorithms to RFC3961. The 
primary one being that AEAD algorithms are not safe for all of the 
existing RFC3961 use cases and there is no means of ensuring that AEAD 
encryption types would not be misused.

Requests for the addition of AEAD to RFC3961 have come from both the 
NFSv4 community and those implementing RXGK. Alas, there has been no 
forward progress since the publication of Luke's draft.

Jeffrey Altman

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature