[5029] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Secure telnet/PPP/Kerberos/STEL/... (was Re: STEL: Secure TELnet -- Call for Beta Testers)

daemon@ATHENA.MIT.EDU (Planar)
Mon Apr 24 09:51:36 1995

To: kerberos@MIT.EDU
Date: 24 Apr 1995 13:07:41 GMT
From: Planar <Damien.Doligez@inria.fr>

On 21 Apr 1995, I wrote:

> But the solution to this problem is given in Schneier's book (and
> other places as well, I would expect):

In article <Pine.SUN.3.91.950421233204.8473D-100000@kerby.ocsg.com>, Joe Kovara <joek@kerby.ocsg.com> writes:

>Apologoies.  I abbreviated a little too much in an attempt to keep things
>short.  You are correct.  Keyed Diffie Hellman is a solution.

As somebody from MIT pointed out to me in e-mail, my "solution" has a
big problem: by the time you detect the man-in-the-middle attack, the
attacker has your password.  There's a way to avoid sending the
password itself to the other side, however.

Anyway, the point I would like to make is that I think STEL will be
useful, even witout any key management, even with plain Diffie-Hellman
and no provisions against a man-in-the-middle attack, simply because
spoofing is harder than snooping, on (many parts of) the Internet.

This would make STEL a low-security, low-hassle solution to the
well-known problem of password snooping.  Not really competing with
Kerberos.

The point you are making, if I understand your messages correctly, is
that Kerberos' reputation of being hard to install and administrate is
largely undeserved.  I would call that good news.

-- 
Planar

Disclaimer: I have nothing to do with Kerberos or STEL.  My opinions
are only founded on what I have read about them.

home help back first fref pref prev next nref lref last post