*blush* I solved my own question!
> I found that the Kerberos mechanism for GSS-API includes a sequence number
> that is incremented with each wrapped or MIC’d message. I assume that the
> receiving side would verify that sequence number, and drop anything too old,
> and perhaps also anything too new. This would mean that Kerberos over
> GSS-API enforces a strict ordering, and is thus too limiting to use with
> SCTP. Am I correct? I found a GSS_C_SEQUENCE_FLAG, but it is not documented
> in RFC 4121 that mentions it :-S

I found GSS_C_SEQUENCE_FLAG defined in RFC 1509, as a general flag for GSS-API mechanisms. And, there is an alternative flag GSS_C_REPLAY_FLAG that is also available in the Kerberos mapping of GSS-API.

So the answer appears to be “yes, you can do this with Kerberos”. I’m going to assume that MIT krb5 will indeed implement these.

-Rick

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
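A model of the difference between the two flags named in this message, added here as an illustration and not taken from the post or from MIT krb5: a sliding-window check that, in replay-only mode, accepts out-of-order arrivals and flags only duplicates, and in sequence mode also flags gaps and late arrivals. The window size and the type and function names are assumptions; the verdict names follow the RFC 2743 supplementary statuses.

```c
#include <stdint.h>
#include <stdio.h>
/* Verdicts named after the RFC 2743 supplementary statuses (model only). */
enum verdict { V_OK, V_DUPLICATE, V_OLD, V_UNSEQ, V_GAP };
#define WINDOW 64              /* assumed replay-window size, in messages */

struct seq_state {
    int      check_order;      /* 1 models GSS_C_SEQUENCE_FLAG, 0 GSS_C_REPLAY_FLAG only */
    int      started;
    uint64_t highest;          /* highest sequence number accepted so far */
    uint64_t seen;             /* bit i set => (highest - i) already seen */
};

enum verdict seq_check(struct seq_state *s, uint64_t seq)
{
    if (!s->started) {         /* first message establishes the window */
        s->started = 1; s->highest = seq; s->seen = 1;
        return V_OK;
    }
    if (seq > s->highest) {    /* newer than anything seen: slide the window */
        uint64_t shift = seq - s->highest;
        s->seen = (shift >= WINDOW) ? 0 : s->seen << shift;
        s->seen |= 1;
        s->highest = seq;
        return (s->check_order && shift > 1) ? V_GAP : V_OK;
    }
    uint64_t back = s->highest - seq;
    if (back >= WINDOW) return V_OLD;               /* too old to judge */
    if (s->seen & (1ULL << back)) return V_DUPLICATE;
    s->seen |= 1ULL << back;                        /* late but fresh */
    return s->check_order ? V_UNSEQ : V_OK;
}

/* Count how many messages get a non-OK verdict for a given arrival order. */
int count_flagged(int check_order, const uint64_t *seqs, int n)
{
    struct seq_state s = { check_order, 0, 0, 0 };
    int flagged = 0;
    for (int i = 0; i < n; i++)
        if (seq_check(&s, seqs[i]) != V_OK) flagged++;
    return flagged;
}

int main(void)
{
    /* Constructed arrivals: unordered delivery plus one replay of message 2. */
    const uint64_t arrivals[] = { 0, 2, 1, 4, 3, 2 };
    printf("flagged: replay-only=%d sequence=%d\n",
           count_flagged(0, arrivals, 6), count_flagged(1, arrivals, 6));
    return 0;
}
```
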