[101] in 6.033 discussion
Re: SIS
Saltzer@ATHENA.MIT.EDU (Saltzer@ATHENA.MIT.EDU)
Mon Apr 22 22:01:37 1996
> One last note: for design project #2, you might want to think about
> whether kerberos itself is even secure enough at all. The kerberos
> paper clearly says that it was not designed for "sensitive data or
> high risk operations." (pg. 4) Why did the authors say this?
That quotation is a bit out of context. The original says "The environment
is not appropriate for sensitive data or high risk operations." The
environment referred to in that phrase is the collection of all the Athena
services taken together, file servers, printers, etc. The point is that an
attack on something other than Kerberos is probably an easier place to
begin.
The information protected by SIS is not maintained in the Athena
environment, it is in the registrar's environment, under a different
management regime. Without reviewing it, one couldn't say whether or not
that environment is appropriate for sensitive data.
The use of Kerberos to authenticate use of SIS reflects this distinction.
Tickets are short-lived because they are stored in an Athena workstation
where things are (presumably) much less controlled than in the registrar's
computer room.
Jerry S.