gssapi-keyex vs. gssapi-with-mic
Christoph Anton Mitterer
calestyo at scientia.net
Sat Nov 8 10:16:46 EST 2014
Hey.
What are the differences (if any) between the authentication methods
gssapi-keyex and gssapi-with-mic, especially from a security point of
view.
I understand, that gssapi-keyex works of course only when the KEX was
made via GSS, while gssapi-with-mic works also with normal SSH KEX.
gssapi-with-mic in turn works also with GSS KEX.
RFC 4462 doesn't seem to tell much about the disadvantages / advantages
of the two over each other. And as far as I understand gssapi-keyex uses
a MIC as well?
Thanks,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141108/e5ced943/attachment-0001.bin>
More information about the openssh-unix-dev
mailing list