[Pkg-gnutls-maint] Bug#447778: libgnutls13: Add the Kerberos cipher suite to TLS

Simon Josefsson simon at josefsson.org
Thu Dec 13 16:54:11 UTC 2007


Daniel Dehennin <daniel.dehennin at baby-gnu.org> writes:

> On 5187 September 1993, Simon Josefsson typed:
>> RFC 2712 is broken, since it doesn't provide mutual authentication,
>> and as far as I know, the Kerberos community doesn't recommend it.
>> Are you sure you want to use RFC 2712?
>
> No, I'm only sure I want to use Kerberos with TLS, no matter how ;-)
>
>> There are discussions in the IETF to support GSS-API in TLS, which is
>> the proper way to solve this, but there isn't any consensus in the
>> TLS WG.  Possibly one of the drafts will be implemented by Microsoft,
>> and GnuTLS could implement it, but someone needs to do the job (or
>> pay someone to do it).
>
> Ok, so I'll wait and hope.

Hi!  Are you still interested in this feature?  I am considering implementing
RFC 2712 in GnuTLS, and experimenting with better proposals.  I could
really use help to test things though.  I'll likely be using Shishi as
the Kerberos implementation, but that shouldn't be a problem here, it
can read MIT/Heimdal keytabs/ccaches.  I'll improve any compatibility
required in Shishi along the way as well.

This work will likely be part of a separate libgnutls-shishi library.

/Simon




