[5029] in Kerberos
Re: Secure telnet/PPP/Kerberos/STEL/... (was Re: STEL: Secure TELnet -- Call for Beta Testers)
daemon@ATHENA.MIT.EDU (Planar)
Mon Apr 24 09:51:36 1995
To: kerberos@MIT.EDU
Date: 24 Apr 1995 13:07:41 GMT
From: Planar <Damien.Doligez@inria.fr>
On 21 Apr 1995, I wrote:
> But the solution to this problem is given in Schneier's book (and
> other places as well, I would expect):
In article <Pine.SUN.3.91.950421233204.8473D-100000@kerby.ocsg.com>, Joe Kovara <joek@kerby.ocsg.com> writes:
>Apologoies. I abbreviated a little too much in an attempt to keep things
>short. You are correct. Keyed Diffie Hellman is a solution.
As somebody from MIT pointed out to me in e-mail, my "solution" has a
big problem: by the time you detect the man-in-the-middle attack, the
attacker has your password. There's a way to avoid sending the
password itself to the other side, however.
Anyway, the point I would like to make is that I think STEL will be
useful, even witout any key management, even with plain Diffie-Hellman
and no provisions against a man-in-the-middle attack, simply because
spoofing is harder than snooping, on (many parts of) the Internet.
This would make STEL a low-security, low-hassle solution to the
well-known problem of password snooping. Not really competing with
Kerberos.
The point you are making, if I understand your messages correctly, is
that Kerberos' reputation of being hard to install and administrate is
largely undeserved. I would call that good news.
--
Planar
Disclaimer: I have nothing to do with Kerberos or STEL. My opinions
are only founded on what I have read about them.