A generic kerberizing project

Sam Hartman hartmans at MIT.EDU
Mon May 14 19:39:10 EDT 2007

>>>>> "Pete" == Pete Martin <kerberos at pnmartin.fsnet.co.uk> writes:

    Pete> Sam, Apologies for sending to the wrong list - and thanks
    Pete> for the useful pointers.

    Pete> To answer your points, I'm not planning to use Kerberos
    Pete> solely to secure network traffic (authentication
    Pete> also). Since both end-points share a secret session key
    Pete> after the Kerberos exchange, the key is optionally used for
    Pete> symmetric AES traffic encryption.

securing network traffic implies authentication.

    Pete> Depending on the network service concerned, there may well
    Pete> be a weaker application-level authentication protocol; the
    Pete> solution proposed would not eliminate this, but wrap it with
    Pete> an additional stronger, required authentication protocol.

This is a significant problem.  We have lots of evidence that such
designs--where you have two authentication layers, but where they are
not bound--tend to create significant security problems in practice.

More information about the Kerberos mailing list