[5638] in Kerberos
Re: SSL as Kerb replacement?
daemon@ATHENA.MIT.EDU (Donald T. Davis)
Wed Aug 9 09:12:44 1995
To: bkelley@cup.hp.com (Bob Kelley)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "08 Aug 1995 21:01:34 GMT."
<408jbe$l8a@hpindda.cup.hp.com>
Date: Wed, 09 Aug 1995 09:03:54 -0400
From: "Donald T. Davis" <don@cam.ov.com>

bob kelley writes:
> Have any of you thought about using SSL-ized applications
> (telnet, ftp, etc) instead of kerberized applications? I
> got the SSLeay library and ftp/telnet/httpd and was quite
> impressed by them vs kerberized apps. No KDC required!

ssl is insecure on several counts:

 * it doesn't require the application client to
   authenticate himself.
 * it cannot assure the appl server that the client-
   generated session-key is fresh and randomly-generated.
   netscape's key-generating prng is particularly weak.
 * it's vulnerable to a man-in-the-middle attack, because
   there is no way for the user to authenticate his top-
   level certification authority keys.

kerberos is invulnerable to these weaknesses.

i presented the man-in-the-middle attack in a paper at
the 1st usenix workshop on electronic commerce, which
was held in manhattan last month. the proceedings are
in press now, and will be out soon.

-don davis, boston