[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CERT statement



On Thu, 26 Jan 1995, Perry E. Metzger wrote:

> Kerberos per se isn't sufficient to defend against session hijacking
> attacks, you know. The situation in question is really insidious and
> requires packet-by-packet cryptographic authentication.

Do you really need to authenticate every packet?  Isn't it enough to 
authenticate the party and perform a secure key exchange, then depend on 
the encryption (+ message authentication code for block ciphers) ?

-Thomas