[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CERT statement

To: [email protected]
Subject: Re: CERT statement
From: Marc Horowitz <[email protected]>
Date: Thu, 26 Jan 1995 19:11:44 -0500
Cc: [email protected]
In-Reply-To: Your message of "Thu, 26 Jan 1995 19:06:46 EST." <[email protected]>
Sender: [email protected]

>> Kerberos per se isn't sufficient to defend against session hijacking
>> attacks, you know. The situation in question is really insidious and
>> requires packet-by-packet cryptographic authentication.

No, but kerberos or something like it is necessary.  And I think I can
safely say that anything which really defends against TCP sequence
spoofing or hijacking attacks will be more invasive and require more
effort than kerberos, not less.

		Marc

Follow-Ups:
- Re: CERT statement
  - From: "Perry E. Metzger" <[email protected]>

References:
- Re: CERT statement
  - From: "Perry E. Metzger" <[email protected]>

Prev by Date: Re: CERT statement
Next by Date: Re: Even more unix holy war. Was "Clinton freezes U.S. assets .."
Prev by thread: Re: CERT statement
Next by thread: Re: CERT statement
Index(es):
- Date
- Thread