
Re: IPSEC == end of firewalls




I won't address the rest of the commentary, but I ought to answer this.

Frank Willoughby writes:
> >> the word "probably" was deliberate.  Kerberos was also thought to be
> >> secure - 'til it was compromised.
> >
> >Kerberos was compromised? When? By whom? Are you talking about
> >Bellovin's paper on weaknesses in Kerberos (most of which are
> >avoidable or fixed in K5), or are you talking about a real break? If
> >the latter, it's the first that I've heard of it.
> 
> Actually, I was referring to Bellovin's paper.

Bellovin's paper doesn't list real breaks in Kerberos. It notes
problems, which are real but not fatal and have been largely fixed.

> Surely you don't think
> that the bugs that were discovered are the only ones which can be 
> exploited and that Kerberos (or any other software product) is invincible?
> I don't.  

Look, you clearly made a big claim -- that Kerberos had been
compromised. If you can't back such comments up, don't make such
claims.

.pm