[16873] in Kerberos_V5_Development
Re: Authdata, preauth plugin headers
daemon@ATHENA.MIT.EDU (Linus Nordberg)
Mon Jun 13 10:48:14 2011
To: krbdev@mit.edu
From: Linus Nordberg <linus@nordu.net>
Date: Mon, 13 Jun 2011 16:47:55 +0200
Message-ID: <87ips9zt2c.fsf@nordberg.se>
Sam Hartman <hartmans@MIT.EDU> wrote
Fri, 10 Jun 2011 13:13:34 -0400:
| For this protocol accepting replays is probably a bad idea.
What kind of OTP systems are vulnerable to replay attacks?
And what are the replay attacks? Could it be something other than
gaining a ticket, e.g. desynchronising? Do we have replay attacks on
_parts_ of the chain that we have to protect against?
The OTP preauth draft touches on the subject in section 6.4 but I think
I'd need some more thoughts.