[2161] in Kerberos_V5_Development


Re: krb5_mk_priv keeps a replay cache

daemon@ATHENA.MIT.EDU (Marc Horowitz)
Fri Jan 3 19:23:37 1997

To: krbdev@MIT.EDU
From: Marc Horowitz <marc@cygnus.com>
Date: 03 Jan 1997 19:23:25 -0500
In-Reply-To: "Theodore Y. Ts'o"'s message of Fri, 3 Jan 1997 18:43:11 -0500

"Theodore Y. Ts'o" <tytso@MIT.EDU> writes:

>>    From: Marc Horowitz <marc@cygnus.com>
>>    Date: 03 Jan 1997 16:06:48 -0500
>> 
>>    >>    From: Marc Horowitz <marc@cygnus.com>
>>    >>    Date: 02 Jan 1997 18:05:15 -0500
>>    >> 
>>    >>    Is there a reason for this, or should the code be shot and killed at
>>    >>    dawn?
>>    >> 
>>    >> The KRB5_AP_PRIV message can protect against replay using either a
>>    >> sequence number, or using a timestamp.  If you're using a timestamp, you
>>    >> need the replay cache as well to provide full protection against
>>    >> replays.
>> 
>>    This is a rational argument for maintaining a replay cache in
>>    krb5_rd_priv, but why keep a cache in krb5_mk_priv?
>> 
>> To prevent an attacker from taking a message you generated using
>> krb5_mk_priv, and sending it back at you.

Oh, ick.  Why didn't the protocol just include a direction bit?

		Marc
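
Added example, not part of the thread and not MIT krb5 code: a toy C model of the reflection case discussed above, where a timestamp-protected message with no direction bit is sent back to its own sender. All names are hypothetical; encryption and the clock-skew window are left out, and the timestamp and body are constructed sample values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model, all names hypothetical: one replay cache per endpoint,
 * keyed on the timestamp (and body) of a timestamp-protected message. */
#define RC_SLOTS 64
struct msg { long sec, usec; char body[32]; };        /* no direction bit */
struct endpoint { struct msg seen[RC_SLOTS]; size_t n; bool cache_on_send; };

static bool rc_seen(const struct endpoint *e, const struct msg *m) {
    for (size_t i = 0; i < e->n; i++)
        if (e->seen[i].sec == m->sec && e->seen[i].usec == m->usec &&
            strcmp(e->seen[i].body, m->body) == 0)
            return true;
    return false;
}

static bool rc_store(struct endpoint *e, const struct msg *m) {
    if (e->n == RC_SLOTS) return false;               /* full: fail closed */
    e->seen[e->n++] = *m;
    return true;
}

/* Sender: build the message and, if enabled, record it in our own cache. */
bool toy_mk_priv(struct endpoint *e, long sec, long usec,
                 const char *body, struct msg *out) {
    out->sec = sec;
    out->usec = usec;
    snprintf(out->body, sizeof out->body, "%s", body);
    return e->cache_on_send ? rc_store(e, out) : true;
}

/* Receiver: accept only messages whose entry is not already cached. */
bool toy_rd_priv(struct endpoint *e, const struct msg *in) {
    return !rc_seen(e, in) && rc_store(e, in);
}

/* A sends to B; the attacker reflects the same message back to A.
 * Returns true if A accepts its own message (constructed sample values). */
bool reflection_accepted(bool cache_on_send) {
    struct endpoint a = { .n = 0, .cache_on_send = cache_on_send };
    struct msg m;
    if (!toy_mk_priv(&a, 1000L, 42L, "transfer 10", &m)) return false;
    return toy_rd_priv(&a, &m);
}
```

With `cache_on_send` off, the sender has no record of its own message and accepts the reflected copy; with it on, the receive path finds the entry and rejects it.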
