[858] in Kerberos_V5_Development


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Proposed Kerberos V5 Password Changing Algorithm

daemon@ATHENA.MIT.EDU (Marc Horowitz)
Mon Feb 20 20:44:15 1995

To: John Gilmore <gnu@cygnus.com>
Cc: krbdev@MIT.EDU, "Theodore Ts'o" <tytso@MIT.EDU>
Date: Mon, 20 Feb 1995 20:42:55 EST
From: Marc Horowitz <marc@MIT.EDU>

What John's asking for is similar to what the FTP security extentions
do, and I believe what the IMAP security extensions do, too.  The
major difference is that when FTP starts encrypting the command
channel, instead of encrypting the whole stream, it replaces

	GET foo
	DIR bar

with

	ENC <base64-encoded encrypted "GET foo">
	ENC <base64-encoded encrypted "DIR bar">

My experience is that this is neither hard to implement or debug.

If we're going to go ahead with something like this, perhaps we should
steal the negotiation protocol from FTP or IMAP.  I think this would
be a fine idea.

		Marc


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[858] in Kerberos_V5_Development

Re: Proposed Kerberos V5 Password Changing Algorithm

daemon@ATHENA.MIT.EDU (Marc Horowitz)Mon Feb 20 20:44:15 1995

daemon@ATHENA.MIT.EDU (Marc Horowitz)
Mon Feb 20 20:44:15 1995