[4892] in WWW Security List Archive
CIFS Authentication Protocol Review
daemon@ATHENA.MIT.EDU (Paul Leach)
Tue Mar 25 19:56:27 1997
From: Paul Leach <paulle@microsoft.com>
To: "'cifs@listserv.msn.com'" <cifs@listserv.msn.com>,
"'WWW-SECURITY@ns2.rutgers.edu'" <WWW-SECURITY@ns2.rutgers.edu>,
"'NTBUGTRAQ@RC.ON.CA'" <NTBUGTRAQ@RC.ON.CA>,
"'ntsecurity@iss.net'"
<ntsecurity@iss.net>
Date: Tue, 25 Mar 1997 13:18:14 -0800
Errors-To: owner-www-security@ns2.rutgers.edu
We are releasing preliminary drafts of the proposed fixes to the
CIFS/SMB authentication protocols for widespread public review. If they
pass review, they will be in Service Pack 3 for NT 4.0.
The original protocol from which the new version descends was designed
more than a decade ago; recently, quite a few weaknesses have been found
in those previous versions. This latest revision is an attempt to repair
those weaknesses with as small a change to the protocol as possible, so
that it can be incrementally and rapidly deployed.
All three documents are available in .doc, .txt and postscript.
Information on how to get them is available from:
ftp://ftp.microsoft.com/developr/drg/cifs/sec.htm
All followup discussion should be on the CIFS mailing list at
CIFS@listserv.msn.com.
Your comments are actively solicited.
------------------------------
Paul J. Leach
paulle@microsoft.com
