[262] in Kerberos_V5_Development
address vs. direction bits in SAFE, PRIV messages
jtkohl@ATHENA.MIT.EDU (jtkohl@ATHENA.MIT.EDU)
Thu Aug 30 11:21:52 1990
There is a possible problem with the KRB_SAFE and KRB_PRIV messages
we're currently spec'ed to use.
If a multi-homed host is communicating with a peer via an interface
which is not its primary address, there is the chance that the address
comparison for the direction bit will not work properly, if the two
sides have differing ideas of host#1's address.
We might fix this by using the {lowest,highest} address of the host, but
this means that each side needs to somehow determine the full set of
addresses that the other uses. The recipient can just look in the
addresses field of the message, but the sender would need some other
method to divine the answer.
A possible solution is to re-define the messages to include all known
sender addresses and exactly one recipient address. The recipient then
needs only to verify that the recipient address is one of its addresses,
and that the O/S report of the sender address matches one of the
addresses in the list.
We could then remove the direction bit altogether.
Other ideas/comments?
