[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CERT statement

To: Marc Horowitz <[email protected]>
Subject: Re: CERT statement
From: "Perry E. Metzger" <[email protected]>
Date: Thu, 26 Jan 1995 19:23:05 -0500
Cc: [email protected]
In-Reply-To: Your message of "Thu, 26 Jan 1995 19:11:44 EST." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]


Marc Horowitz says:
> >> Kerberos per se isn't sufficient to defend against session hijacking
> >> attacks, you know. The situation in question is really insidious and
> >> requires packet-by-packet cryptographic authentication.
> 
> No, but kerberos or something like it is necessary.

Well, sort of. A key management system that operates sort of like
Kerberos' is necessary. However, thats really far from
sufficient. Most Kerberized protocols authenticate only at the
beginning of the session -- very very hijackable.

> And I think I can safely say that anything which really defends
> against TCP sequence spoofing or hijacking attacks will be more
> invasive and require more effort than kerberos, not less.

Oh, hardly the case -- in fact in the architecture of the system I'm
developing things are actually slightly easier than in the kerberos
situation. Invasive I'll agree with -- encrypted/authenticated IP
requires kernel mods. However, they can be made fairly painless.

I'll point out, by the way, that one of the major problems with
kerberos is just bad documentation and difficult build tools.

Perry

References:
- Re: CERT statement
  - From: Marc Horowitz <[email protected]>

Prev by Date: Re: pgp content type RFC
Next by Date: Re: Reordering, not Latency (Was: Re: Remailer)
Prev by thread: Re: CERT statement
Next by thread: Re: CERT statement
Index(es):
- Date
- Thread