[5548] in Kerberos
What is a GSSAPI channel binding?
daemon@ATHENA.MIT.EDU (Michael Shields)
Tue Jul 25 04:02:55 1995
To: kerberos@MIT.EDU
Date: 24 Jul 1995 10:59:46 -0000
From: shields@tembel.org (Michael Shields)
It's not clear to me what the abstraction of a GSSAPI channel binding
maps to on the level of a real protocol. The intent is to prevent replay
of a data stream from another host, correct? Isn't this redundant for
Kerberos, since the client address is in the authenticator? If having
addresses in the authenticator is optional in other protocols, shouldn't
this be handled like the per-message QOP option?
--
Shields.
