RFR 8186831: Kerberos ignores PA-DATA with a non-null s2kparams

Weijun Wang weijun.wang at oracle.com
Fri Sep 8 01:36:30 UTC 2017


According to https://tools.ietf.org/html/rfc4120#section-3.1.3:

                   A "newer" enctype is any enctype first officially
   specified concurrently with or subsequent to the issue of this RFC.
   The enctypes DES, 3DES, or RC4 and any defined in [RFC1510] are not
   "newer" enctypes.

I'll add a link and rename it to isNewer().

Thanks
Max


> On Sep 8, 2017, at 9:30 AM, Xuelei Fan <Xuelei.Fan at Oracle.Com> wrote:
> 
> Looks fine to me.  
> 
> A minor comment about the method name "isNew", i'm not very sure what does it means.  I would add comments about what the "new" refers to.
> 
> Xuelei
> 
>> On Aug 28, 2017, at 11:12 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>> 
>> Please review the fix at
>> 
>>  http://cr.openjdk.java.net/~weijun/8186831/webrev.00/
>> 
>> This is an old bug that is about to bite us soon.
>> 
>> Thanks
>> Max
>> 
> 



More information about the security-dev mailing list