[27773] in Kerberos
Re: A generic kerberizing project
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon May 14 19:39:20 2007
From: Sam Hartman <hartmans@mit.edu>
To: Pete Martin <kerberos@pnmartin.fsnet.co.uk>
Date: Mon, 14 May 2007 19:39:10 -0400
In-Reply-To: <1178961632.14548.57.camel@galileo.lan> (Pete Martin's message of
"Sat, 12 May 2007 10:20:32 +0100")
Message-ID: <tsl3b1zq8kh.fsf@mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>>>>> "Pete" == Pete Martin <kerberos@pnmartin.fsnet.co.uk> writes:
Pete> Sam, Apologies for sending to the wrong list - and thanks
Pete> for the useful pointers.
Pete> To answer your points, I'm not planning to use Kerberos
Pete> solely to secure network traffic (authentication
Pete> also). Since both end-points share a secret session key
Pete> after the Kerberos exchange, the key is optionally used for
Pete> symmetric AES traffic encryption.
securing network traffic implies authentication.
Pete> Depending on the network service concerned, there may well
Pete> be a weaker application-level authentication protocol; the
Pete> solution proposed would not eliminate this, but wrap it with
Pete> an additional stronger, required authentication protocol.
This is a significant problem. We have lots of evidence that such
designs--where you have two authentication layers, but where they are
not bound--tend to create significant security problems in practice.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
