On Fri, 30 Jan 2004, Wachdorf, Daniel R wrote:
> Well,
>
> It could be a problem. If someone has implemented a client and doesn't do
^^^^^^^^^^
> mutual auth (as the standard says they should), they could be broken.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This right here is the key to me. If someone is not following the RFC.
Then I say let them complaint to their vendor.
Again I ask.. As the code stands are *WE* in RFC compliance? If not we
need it fixed.
As for what to base it off of. Pick a recent snapshot. Not as if the
GSSAPI-WITH-MIC code has drasticly changed in the last few days.
- Ben
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
