[538] in Kerberos

Re: A collection of suggested changes to Kerberos.

daemon@TELECOM.MIT.EDU (Jon Rochlis)
Sat Dec 3 00:50:18 1988

From: Jon Rochlis <jon@ATHENA.MIT.EDU>
To: kerberos@ATHENA.MIT.EDU
In-Reply-To: Bill Sommerfeld's message of Mon, 28 Nov 88 14:27:00 EDT,


    1.12) Having the null realm in a ticket imply local realm.

    Ted Anderson suggested a "normal case optimization", which was that,
    in the case where the client realm and server realm were the same, the
    client realm should be replaced with the null string; this will
    typically shave about 15 bytes (about two DES cypher blocks) out of
    the ticket, saving a noticeable amount of time in encryption.

I think worrying about how many bytes in the ticket wind up being
encrypted is not worth the time or effort, unless there are other
reasons not related to efficiency (i.e. chosen-plaintext attacks).
The ticket sizes we're talking about are so small and due to careful
design the frequency of ticket requests is also small that the amount of
encryption is negligible. This is certainly the case for all current clients and
servers (including the alleged bottleneck of the KDC).

		-- Jon

