[732] in Kerberos
Re: Distinguishing "users" and "services"
daemon@TELECOM.MIT.EDU (Li GONG)
Fri May 19 11:01:47 1989
From: mcvax!ukc!cam-cl!lg@UUNET.UU.NET (Li GONG)
To: kerberos@ATHENA.MIT.EDU
Here I'd like to add another reason why I consider distinguishing "users"
and "services" useful.

In recent work at our Lab, a notion of "verifiable-plaintext attacks"
was recognised. We proposed a fix using a public-key system in one direction,
the initial messages from client A and B to server S.

If B is a server which has a well-chosen key shared with S, there is no need
to use a public-key system between B and S. Also, the configuration of the
authentication protocol (the order of messages) can be different, which may
make the protocol cheaper. Just as simple as that.
____________________________________________________________________________
| Li GONG (+44223-334650) University of Cambridge, Computer Laboratory |
| Pembroke Street, Cambridge CB2 3QG, England |
| InterNet/CSnet : lg%cl.cam.ac.uk@cunyvm.cuny.edu (or @nss.cs.ucl.ac.uk) |
| UUCP : ...!ukc!nss.cs.ucl.ac.uk!cam-cl!lg Bitnet/EAN : lg%cl.cam@ac.uk |
----------------------------------------------------------------------------