GSSAPI Key Exchange Patch

Carson Gaspar carson at taltos.org
Fri Nov 16 14:09:16 EST 2007


Damien Miller wrote:

> Yes - we are very scared of adding features that lead to more
> pre-authentication attack surface, especially when they delegate to
> complex libraries with patchy security histories.

The risk of a pre-auth GSSAPI bug is far less than the nearly
_impossible_ key management problem without it. Sun has integrated the
patch. My employer is rolling it out, and is asking Red Hat to include
it. At this point, _not_ incorporating it upstream is just leading to a
de facto source code fork. I strongly suggest the maintainers reconsider
their position.

-- 
Carson

