3.1.5.3 Cryptographic Computations
The message signing and verification in NEGOEX is based on [RFC3961], which is used as a generic framework. This application is not Kerberos specific. A security mechanism MUST support [RFC3961] to be negotiated by NEGOEX.
The initiator generates a random, cryptographic-strength 16-byte CONVERSATION_ID value (section 2.2.2) and stores it in the NEGO_MESSAGE message (section 2.2.6.3) MESSAGE_HEADER structure (section 2.2.6.2) ConversationId field. The acceptor extracts the ConversationId from the NEGO_MESSAGE message and stores it for the context handle to be used in successive message headers.