A generic kerberizing project
hartmans at MIT.EDU
Mon May 14 19:39:10 EDT 2007
>>>>> "Pete" == Pete Martin <kerberos at pnmartin.fsnet.co.uk> writes:
Pete> Sam, Apologies for sending to the wrong list - and thanks
Pete> for the useful pointers.
Pete> To answer your points, I'm not planning to use Kerberos
Pete> solely to secure network traffic (authentication
Pete> also). Since both end-points share a secret session key
Pete> after the Kerberos exchange, the key is optionally used for
Pete> symmetric AES traffic encryption.
securing network traffic implies authentication.
Pete> Depending on the network service concerned, there may well
Pete> be a weaker application-level authentication protocol; the
Pete> solution proposed would not eliminate this, but wrap it with
Pete> an additional stronger, required authentication protocol.
This is a significant problem. We have lots of evidence that such
designs--where you have two authentication layers, but where they are
not bound--tend to create significant security problems in practice.
More information about the Kerberos