[1772] in Kerberos_V5_Development
Re: protocol flaw (160 lines) (was: krbdev vs krbcore)
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Fri Sep 20 18:52:14 1996
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: don@cam.ov.com, krbcore@MIT.EDU
In-Reply-To: Your message of "Fri, 20 Sep 1996 18:41:46 EDT."
<199609202241.SAA14780@beeblebrox.MIT.EDU>
Date: Fri, 20 Sep 1996 18:52:09 EDT
From: Marc Horowitz <marc@MIT.EDU>

In message <199609202241.SAA14780@beeblebrox.MIT.EDU>, "Barry Jaspan" <bjaspan@MIT.EDU> writes:
>> Is there a reason the Kerberos protocol cannot be modified to use it
>> directly, thus solving the problem at its source?

Damn, now why didn't I think of that? :-)

I think it would be useful in hesiod, too, but good ideas often have
multiple applications.

>> C->KDC: C_dummy, S, PA_HASH_NAME=MD5(C|K_c)

I'm not sure why you include the client's key here. It doesn't seem
to add anything.

Marc