Re: RFC 4121 & acceptor subkey use in MIC token generation
https://www.novabbs.com/devel/article-flat.php?id=390&group=comp.protocols.kerberos#390

From: ken...@cmf.nrl.navy.mil (Ken Hornstein)
Newsgroups: comp.protocols.kerberos
Subject: Re: RFC 4121 & acceptor subkey use in MIC token generation
Date: Wed, 25 Oct 2023 08:51:29 -0400
Organization: TNet Consulting
Lines: 21
Message-ID: <mailman.14.1698238324.2263420.kerberos@mit.edu>
References: <202310241950.39OJoa0Z000708@hedwig.cmf.nrl.navy.mil>
<3db2752e-565e-1f64-b354-9031a2fe9334@mit.edu> <ZTiT0ub2uv5A/b4E@ubby21>
<202310251251.39PCpTqc026799@hedwig.cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
To: Nico Williams <nico@cryptonector.com>
X-BeenThere: kerberos@mit.edu
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
X-Mailman-Original-Message-ID: <202310251251.39PCpTqc026799@hedwig.cmf.nrl.navy.mil>
X-Mailman-Original-References: <202310241950.39OJoa0Z000708@hedwig.cmf.nrl.navy.mil>
<3db2752e-565e-1f64-b354-9031a2fe9334@mit.edu> <ZTiT0ub2uv5A/b4E@ubby21>
by: Ken Hornstein - Wed, 25 Oct 2023 12:51 UTC

>Until then you don't know because GSS doesn't know if some MIC/Wrap
>token it's consuming was made in response to an earlier MIC/Wrap/AP-REP
>token sent by the acceptor application to the initiator. Also, in
>practice no app that makes use of PROT_READY before GSS_S_COMPLETE on
>the initiator side will do so for more than one or maybe two per-message
>tokens (one for the app itself, and one for SPNEGO), so maybe we could
>have a hard cap[*] on the number of per-message tokens using the
>initiator sub-session key when the initiator requested mutual auth.

I think we've lost the thread here; I do not think that any krb5
mechanism today ever asserts PROT_READY before GSS_S_COMPLETE, but I
would love to be proven wrong.

>While I'm on the subject of JWT, there are two reasons JWT is killing
>Kerberos:

Are you sure one of the most important reasons ISN'T that the GSSAPI is
insanely complicated and people who look at it get confused and move to
something else that is much simpler?

--Ken
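The quoted proposal above (a hard cap on per-message tokens verified under the initiator sub-session key when the initiator requested mutual authentication), as an added Python model that is not code from this thread or from any GSS-API implementation. The MIC token layout and flag bits follow RFC 4121; the checksum (HMAC-SHA256 standing in for the enctype's keyed checksum), the `AcceptorContext` class and the cap value are assumptions of this example.

```python
import hashlib
import hmac
import struct

TOK_ID_MIC = b"\x04\x04"          # RFC 4121 MIC token identifier
FLAG_SENT_BY_ACCEPTOR = 0x01      # RFC 4121 section 4.2.2 flag bits
FLAG_ACCEPTOR_SUBKEY = 0x04
HEADER_LEN = 16


def checksum(key, data, header):
    # RFC 4121 4.2.4: SGN_CKSUM covers the application data followed by
    # the 16-byte token header.  HMAC-SHA256 truncated to 12 bytes stands
    # in for the enctype's keyed checksum (an assumption of this model).
    return hmac.new(key, data + header, hashlib.sha256).digest()[:12]


def make_mic(key, flags, seq, data):
    """Build a MIC token: TOK_ID | Flags | 5 filler bytes | SND_SEQ | SGN_CKSUM."""
    header = TOK_ID_MIC + bytes([flags]) + b"\xff" * 5 + struct.pack(">Q", seq)
    return header + checksum(key, data, header)


class AcceptorContext:
    """Acceptor-side MIC verifier carrying the hard cap from the quoted proposal."""

    def __init__(self, initiator_subkey, acceptor_subkey, mutual_auth, cap=2):
        self.initiator_subkey = initiator_subkey
        self.acceptor_subkey = acceptor_subkey
        self.mutual_auth = mutual_auth
        self.cap = cap                    # hypothetical limit, not from any RFC
        self.initiator_key_tokens = 0     # tokens accepted under initiator subkey

    def verify_mic(self, token, data):
        if len(token) != HEADER_LEN + 12 or token[:2] != TOK_ID_MIC:
            return False                  # GSS_S_DEFECTIVE_TOKEN
        flags = token[2]
        if flags & FLAG_SENT_BY_ACCEPTOR:
            return False                  # wrong direction for an acceptor
        uses_initiator_key = not (flags & FLAG_ACCEPTOR_SUBKEY)
        if uses_initiator_key and self.mutual_auth \
                and self.initiator_key_tokens >= self.cap:
            return False                  # cap reached: acceptor subkey expected
        key = self.initiator_subkey if uses_initiator_key else self.acceptor_subkey
        header, cksum = token[:HEADER_LEN], token[HEADER_LEN:]
        if not hmac.compare_digest(cksum, checksum(key, data, header)):
            return False                  # GSS_S_BAD_SIG
        if uses_initiator_key:
            self.initiator_key_tokens += 1
        return True
```

Only successfully verified tokens count toward the cap, so a forged token cannot exhaust it; sequence-number replay checking is left out of the model.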
