[2159] in Kerberos_V5_Development
Re: krb5_mk_priv keeps a replay cache
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Fri Jan 3 16:07:18 1997
To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Cc: krbdev@MIT.EDU
From: Marc Horowitz <marc@cygnus.com>
Date: 03 Jan 1997 16:06:48 -0500
In-Reply-To: "Theodore Y. Ts'o"'s message of Fri, 3 Jan 1997 01:49:12 -0500
"Theodore Y. Ts'o" <tytso@MIT.EDU> writes:
>> From: Marc Horowitz <marc@cygnus.com>
>> Date: 02 Jan 1997 18:05:15 -0500
>>
>> Is there a reason for this, or should the code be shot and killed at
>> dawn?
>>
>> The KRB5_AP_PRIV message can protect against replay using either a
>> sequence number, or using a timestamp. If you're using a timestamp, you
>> need the replay cache as well to provide full protection against
>> replays.
This is a rational argument for maintaining a replay cache in
krb5_rd_priv, but why keep a cache in krb5_mk_priv?
Marc
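
As an added illustration of the quoted point about the two replay protections (not part of the original message and not MIT krb5 code), here is a receive-side check in C. The names check_timestamp, check_seq, struct rcache and the 300-second CLOCK_SKEW are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CLOCK_SKEW 300   /* assumed acceptance window in seconds */
#define RC_SLOTS   64    /* toy cache capacity */

enum verdict { MSG_OK, MSG_SKEW, MSG_REPLAY, MSG_BADSEQ, MSG_REJECT };

struct rc_entry { char sender[64]; int64_t sec; int32_t usec; };
struct rcache   { struct rc_entry e[RC_SLOTS]; size_t n; };

/* Timestamp mode: the skew check alone would accept a second copy of the
 * message inside the window, so every accepted (sender, sec, usec) is kept. */
enum verdict check_timestamp(struct rcache *rc, const char *sender,
                             int64_t sec, int32_t usec, int64_t now)
{
    size_t i, keep = 0;

    if (llabs((long long)(now - sec)) > CLOCK_SKEW)
        return MSG_SKEW;
    /* Entries older than the window can be dropped: the skew check
     * already rejects any replay of them. */
    for (i = 0; i < rc->n; i++)
        if (now - rc->e[i].sec <= CLOCK_SKEW)
            rc->e[keep++] = rc->e[i];
    rc->n = keep;
    for (i = 0; i < rc->n; i++)
        if (rc->e[i].sec == sec && rc->e[i].usec == usec &&
            strcmp(rc->e[i].sender, sender) == 0)
            return MSG_REPLAY;
    /* Fail closed if the message cannot be recorded exactly. */
    if (rc->n == RC_SLOTS || strlen(sender) >= sizeof rc->e[0].sender)
        return MSG_REJECT;
    strcpy(rc->e[rc->n].sender, sender);
    rc->e[rc->n].sec = sec;
    rc->e[rc->n].usec = usec;
    rc->n++;
    return MSG_OK;
}

/* Sequence-number mode: one counter per session, no cache needed. */
enum verdict check_seq(uint32_t *expected, uint32_t seq)
{
    if (seq != *expected)
        return MSG_BADSEQ;
    (*expected)++;
    return MSG_OK;
}
```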