[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CERT statement

To: Marc Horowitz <[email protected]>
Subject: Re: CERT statement
From: "Perry E. Metzger" <[email protected]>
Date: Thu, 26 Jan 1995 19:06:46 -0500
Cc: [email protected]
In-Reply-To: Your message of "Thu, 26 Jan 1995 16:42:17 EST." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]


Marc Horowitz says:
> You're exactly right.  However, getting people to deploy real security
> systems is nearly impossible.  My company sells a kerberos system, and
> although everyone is saying they want security, nobody really
> understands what this means, and as soon as we tell them that it
> actually involves effort, they become far less interested.

Kerberos per se isn't sufficient to defend against session hijacking
attacks, you know. The situation in question is really insidious and
requires packet-by-packet cryptographic authentication.

Perry

Follow-Ups:
- Re: CERT statement
  - From: Marc Horowitz <[email protected]>
- Re: CERT statement
  - From: Thomas Grant Edwards <[email protected]>

References:
- Re: CERT statement
  - From: Marc Horowitz <[email protected]>

Prev by Date: Re: Even more unix holy war. Was "Clinton freezes U.S. assets .."
Next by Date: Re: CERT statement
Prev by thread: Re: CERT statement
Next by thread: Re: CERT statement
Index(es):
- Date
- Thread