[1257] in Kerberos_V5_Development
Re: security flaw in get_in_tkt: address verification
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Sat Jun 1 09:39:17 1996
Date: Sat, 1 Jun 96 09:39:10 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: hartmans@MIT.EDU
Cc: epeisach@MIT.EDU, krbdev@MIT.EDU
In-Reply-To: <tsld93kwctn.fsf@tertius.mit.edu> (message from Sam Hartman on 31
May 1996 21:08:36 -0400)
Are you sure that there aren't situations involving proxies
through a firewall where the kdc, or agent between the kdc and client
might not reasonably add addresses to the tgt request? Do we want to
allow such usage?
Well, perhaps we do want to allow such usage, which again implies that
checking IP addresses is useless and counterproductive.
As marc points out, it would be better to have the client add the
addressess anyway. If we expliticlt allow the proxy to add them, then
we are *explicitly* making the address check useless, instead of its
current state of merely implied uselessness.
Barry
