[296] in Kerberos
Re: Timestamps revisited
daemon@TELECOM.MIT.EDU (Steve Miller)
Mon Dec 21 11:37:50 1987
From: miller%erlang.DEC@DECWRL.DEC.COM (Steve Miller)
To: kerberos@ATHENA.MIT.EDU
If you want to make the documentation entirely accurate, but without
drowning the intent in the detail, you would have to make the further changes
I am suggesting, marked by >> and CAPITALIZED. Also note that "time of day"
is misleading, since the timestamp includes both the date and time.
Steve.
-----------
From: DECWRL::"steiner@ATHENA.MIT.EDU" "21-Dec-87 1044 EST" 21-DEC-1987 10:48
To: kerberos@ATHENA.MIT.EDU
Subj: timestamps revisited
According to Steve's mail about timestamps, there are
two timestamps sent back to the client from the authentication
server: one is a copy of the client's original timestamp, sent
in the clear; the other is the Kerberos timestamp, sent back to
the client encrypted in the client's private key.
In that case, the Technical Plan is misleading. It says
... Anyone could send such a message or intercept its
response; that response, however, is usable only to the client named in
the original request, because Kerberos seals the response by
enciphering it in the private key of that client. The response contains
three parts: the ticket (which itself is further sealed in the private
key of the service), a newly-minted key for use in this client-server
session, and a copy of the timestamp that was in the original request.
I've modified it to read:
... Anyone could send such a message or intercept its
response; that response, however, is usable only to the client named in
>> the original request, because Kerberos seals PART OF the response by
>> enciphering it in the private key of that client. The SEALED PART OF THE
response contains three parts: the ticket (which itself is further sealed in the private
key of the service), a newly-minted key for use in this client-server
session, and the TIMESTAMP according to the Kerberos server. A copy
of the client's original timestamp is returned in the clear, as a
bookkeeping aid to the client.
Jennifer
========================================================================
Received: from ATHENA.MIT.EDU by decwrl.dec.com (5.54.4/4.7.34)
id AA01776; Mon, 21 Dec 87 07:46:39 PST
Received: by ATHENA.MIT.EDU (5.45/4.7) id AA16754; Mon, 21 Dec 87 10:44:54 EST
Received: by BRAHMS.MIT.EDU (5.45/4.7) id AA00364; Mon, 21 Dec 87 10:44:48 EST
Message-Id: <8712211544.AA00364@BRAHMS.MIT.EDU>
Organization: Project Athena, MIT Cambridge MA