Date: Mon, 23 Feb 2004 16:51:31 -0500
Subject: Re: [krbdev.mit.edu #2266] wrap_size_limit broken for CFX
Cc: Ken Raeburn, rt-comment@krbdev.mit.edu
To: wyllys.ingersoll@sun.com
From: Ken Raeburn
In-Reply-To: <1077571398.13048.134.camel@pebblebeach.wki.test.net>
Message-Id: <712FD92E-664A-11D8-8B91-000A95909EE2@mit.edu>

On Monday, Feb 23, 2004, at 16:23 US/Eastern, Wyllys Ingersoll wrote:

> One more thing - wouldn't it be better to use the newer
> krb5_c_encrypt_length() routine here and get rid of one more
> use of the old 'krb5_encrypt_size' API?
>

*sigh* Yep. Actually, even krb5_c_encrypt_length goes in the wrong
direction (more obvious if you look at enctypes like DES that round up
to a multiple of a block size); we should instead add to the crypto API
a function that implements some sort of encrypt_size_limit
functionality.

The old crypto API is still in our export lists; I think we're probably
going to leave it as is for now, and fix it up properly for a future
release. I've opened a new ticket on that...
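The "wrong direction" point, as an added example that is not part of the original message and not MIT krb5 code: a forward length function that rounds up to a block multiple cannot simply be subtracted from an output limit to get a safe input limit. The `model_*` functions, `naive_size_limit`, `fits` and the 8-byte block / 24-byte header figures are assumptions chosen to resemble a DES-style enctype.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed parameters for a DES-style enctype (illustrative, not from the
 * page): 8-byte blocks, 8-byte confounder plus 16-byte checksum. */
#define MODEL_BLOCK 8u
#define MODEL_HEADER 24u

/* Forward direction: plaintext length -> ciphertext length (header added,
 * then rounded up to a whole number of blocks). */
size_t model_encrypt_length(size_t plain_len)
{
    size_t n = MODEL_HEADER + plain_len;
    return (n + MODEL_BLOCK - 1) / MODEL_BLOCK * MODEL_BLOCK;
}

/* Naive inverse built from the forward function: measure the overhead at
 * out_max and subtract it. Rounding makes this overshoot for some sizes. */
size_t naive_size_limit(size_t out_max)
{
    size_t overhead = model_encrypt_length(out_max) - out_max;
    return overhead > out_max ? 0 : out_max - overhead;
}

/* True inverse: the largest plaintext whose ciphertext fits in out_max
 * (0 when not even an empty message fits). */
size_t model_encrypt_size_limit(size_t out_max)
{
    size_t whole = out_max / MODEL_BLOCK * MODEL_BLOCK;
    return whole < MODEL_HEADER ? 0 : whole - MODEL_HEADER;
}

/* Returns 1 if a plaintext of the given length encrypts to <= out_max. */
int fits(size_t plain_len, size_t out_max)
{
    return model_encrypt_length(plain_len) <= out_max;
}

int main(void)
{
    for (size_t out_max = 100; out_max <= 104; out_max++) {
        size_t naive = naive_size_limit(out_max);
        size_t exact = model_encrypt_size_limit(out_max);
        printf("out_max=%zu naive=%zu (fits=%d) exact=%zu (fits=%d)\n",
               out_max, naive, fits(naive, out_max),
               exact, fits(exact, out_max));
    }
    return 0;
}
```

The two calculations agree only when the output limit is itself a block multiple; in between, the naive figure admits plaintexts whose ciphertext exceeds the limit.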