[1918] in Kerberos_V5_Development
Re: Cygnus changes for your consideration
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Thu Oct 31 13:50:59 1996
To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Cc: Mark Eichin <eichin@cygnus.com>, krbdev@MIT.EDU
From: Ken Raeburn <raeburn@cygnus.com>
Date: 31 Oct 1996 13:09:22 -0500
In-Reply-To: "Theodore Y. Ts'o"'s message of Thu, 31 Oct 1996 12:39:44 -0500
> + kdc: v4: ken's multiple-server time skew fixes
> Expand, please?
If two KDCs have different clock values, and you talk to one for the
kdc and the other for additional tickets, depending on the timing, the
second can be confused into issuing 255-lifetime tickets.
> + kdc: NOCACHE changes (big speed improvement, but a potential security
> concern; turns off both rcache and lookaside.)
> Punt for now, I think...
Fine for 1.0, but the alleged security issues need to be examined, and
I don't know enough about them, and I'm no cryptography expert. This
was raised months ago; has nothing further been done? If we need an
expert cryptographer, let's find one.
