One Time Identification, a request for comments/testing.

g.w at hurderos.org
Tue Feb 6 20:15:38 EST 2007


On Feb 5, 10:04am, Sam Hartman wrote:
} Subject: Re: One Time Identification, a request for comments/testing.

Good evening to everyone.

> >>>>> "g" == g w <g.w at hurderos.org> writes:
> 
>     g> On Feb 1, 6:47pm, Sam Hartman wrote: } Subject: Re: One Time
>     g> Identification, a request for comments/testing.
> 
>     g> Good morning to everyone, hope your weekend is going well.
> 
>     >> OK, so the requirements you are trying to meet are:
>     >> 
>     >> 1) soft token support for flash drives.
>     >> 
>     >> 2) Support for central password management.
>     >> 
>     >> 3) Allow minimal or no identifying information on the token.
>     >> 
>     >> Any more?
> 
>     g> Just a point of clarification.
> 
>     g> Are we discussing requirements for general soft token support
>     g> or what OTI attempts to bring to the table?
> 
>     g> If the latter is the case I would offer
> 
>     g> 	- Authentication attempt unique keying.
> 
> What is this?

OTI generates a unique symmetric key for each authentication attempt,
within a granularity of one second.  If people are convinced the
scheme has strong replay attack avoidance it could be used
bi-directionally, i.e., for the AP_REP as well.

I like to think of it as OTP designed specifically for the direct
Kerberos authentication model.

>     g> 	- Token invariance across password changes.  That may actually
>     g> be a subset of #2 above.

> Why do we want this as a requirement?

Practical logistics for centralized password management.

If the user changes their password you want to avoid having to
distribute a new token to them.

}-- End of excerpt from Sam Hartman

As always,
Greg

------------------------------------------------------------------------------
			 The Hurderos Project
         Open Identity, Service and Authorization Management
                       http://www.hurderos.org

"There's nothing in the middle of the road 'cept yellow lines and
squashed armadillos."
                                -- Mike Hightower
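
An added illustration, not part of the message above and not OTI's actual construction (which the message does not describe): a generic sketch of per-attempt keying at one-second granularity with a server-side replay cache, using a token secret that is independent of the password so a password change needs no new token. The names `attempt_key`, `client_proof` and `Verifier`, the HMAC-SHA256 derivation and the skew window are all assumptions.

```python
import hashlib
import hmac
import struct


def attempt_key(token_secret: bytes, password_key: bytes, second: int) -> bytes:
    """Derive the symmetric key for one authentication attempt.

    Assumed design: token_secret is fixed on the token, password_key is
    derived from the current password and mixed in only at use time, and
    the epoch second makes the key unique per one-second slot.
    """
    msg = struct.pack(">Q", second) + password_key
    return hmac.new(token_secret, msg, hashlib.sha256).digest()


def client_proof(token_secret, password_key, second, request: bytes) -> bytes:
    """Client side: authenticate the request bytes under the per-attempt key."""
    key = attempt_key(token_secret, password_key, second)
    return hmac.new(key, request, hashlib.sha256).digest()


class Verifier:
    """Server side: each one-second slot is accepted at most once."""

    def __init__(self, token_secret: bytes, password_key: bytes, max_skew: int = 2):
        self.token_secret = token_secret
        self.password_key = password_key
        self.max_skew = max_skew
        self.used = set()  # replay cache of consumed slots

    def verify(self, second: int, proof: bytes, request: bytes, now: int) -> str:
        # Slots outside the skew window can never be accepted, so drop them.
        self.used = {s for s in self.used if abs(now - s) <= self.max_skew}
        if abs(now - second) > self.max_skew:
            return "stale"
        if second in self.used:
            return "replay"
        expected = client_proof(self.token_secret, self.password_key,
                                second, request)
        if not hmac.compare_digest(expected, proof):
            return "bad-key"
        self.used.add(second)  # consume the slot only after a valid proof
        return "ok"
```

The replay cache only has to remember slots inside the skew window, which is why the one-second granularity and the clock-skew tolerance together bound the server's state.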


