[101] in 6.033 discussion

home help back first fref pref prev next nref lref last post

Re: SIS

Saltzer@ATHENA.MIT.EDU (Saltzer@ATHENA.MIT.EDU)
Mon Apr 22 22:01:37 1996

> One last note: for design project #2, you might want to think about
> whether kerberos itself is even secure enough at all. The kerberos
> paper clearly says that it was not designed for "sensitive data or
> high risk operations." (pg. 4) Why did the authors say this?

That quotation is a bit out of context.  The original says "The environment 
is not appropriate for sensitive data or high risk operations."  The 
environment referred to in that phrase is the collection of all the Athena 
services taken together, file servers, printers, etc.  The point is that an 
attack on something other than Kerberos is probably an easier place to 
begin.

The information protected by SIS is not maintained in the Athena 
environment, it is in the registrar's environment, under a different 
management regime.  Without reviewing it, one couldn't say whether or not 
that environment is appropriate for sensitive data.

The use of Kerberos to authenticate use of SIS reflects this distinction.  
Tickets are short-lived because they are stored in an Athena workstation 
where things are (presumably) much less controlled than in the registrar's 
computer room.

                        Jerry S.

home help back first fref pref prev next nref lref last post