Is "SPN advertisement" or well-known SPNs a security hole?

Srinivas Kakde srinivas.kakde at yahoo.com
Mon Jan 14 19:00:11 EST 2008


Jeffrey,

Thank you for your response.  Now I have more questions:

Jeffrey Altman wrote:
> It would be like walking down the street looking for an undercover police
> officer and instead finding a drug dealer.  You decide to authenticate the
> undercover officer by calling the police precinct but instead of using a
> phone number for the precinct that you obtained from the Verizon phone book
> you ask the drug dealer for the phone number of the precinct.  When you call
> the provided number, his accomplice answers and confirms that he is in fact
> a police officer.

This example assumes that I don't already have a prior relationship
with the precinct.  I do have a prior relationship with the precinct.
When the precinct responds to an officer validation request from me they
always conclude their message with a secret phrase that only the
precinct and I know.  This way I know if I'm being tricked.  Is this not
like Kerberos?


Jeffrey Altman wrote:
> The security of the authentication is based upon the name.  By asking
> you to authenticate to a name selected by the attacker, you can be
> tricked into using a KDC that is in fact under the control of the
> attacker.

Are you sure this is right?  I think in Kerberos, knowledge of a
shared secret (not knowledge of the principal name) is the foundation
for trust?  In the case of an AS-REQ/AS-REP exchange, what would the malicious KDC
use to encrypt the EncKDCRepPart of the KDC-REP such that the decrypted
nonce would match what the client supplied in the KDC-REQ?
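As an added illustration (not part of the thread or of any Kerberos implementation), the following simplified model shows the AS-REQ/AS-REP check the question describes: the client accepts a KDC-REP only if EncKDCRepPart decrypts and verifies under the client's long-term key and echoes the client's nonce, so a KDC that does not hold that key cannot produce an acceptable reply. The key derivation and encryption here are constructed stand-ins for the RFC 3961/3962 profiles, not the real ones.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

# Constructed, simplified stand-in for Kerberos's string-to-key and
# encryption profile: PBKDF2 for key derivation, an HMAC-SHA256 keystream
# for confidentiality and an HMAC tag for integrity (not RFC 3961/3962).
def string_to_key(password: str, realm: str, principal: str) -> bytes:
    # Kerberos salts the long-term key with the realm and principal name.
    salt = (realm + principal).encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 4096, 32)

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, iv + struct.pack(">I", i), "sha256").digest()
                    for i in range(blocks))[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, keystream(key, iv, len(plaintext))))
    tag = hmac.new(key, iv + body, "sha256").digest()
    return iv + body + tag

def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    iv, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, iv + body, "sha256").digest(), tag):
        return None  # integrity failure: wrong key or tampered reply
    return bytes(c ^ s for c, s in zip(body, keystream(key, iv, len(body))))

def kdc_as_rep(kdc_key_for_client: bytes, nonce: int) -> bytes:
    """KDC side: EncKDCRepPart = {nonce, session key}, sealed under the client's key."""
    session_key = os.urandom(32)
    return encrypt(kdc_key_for_client, struct.pack(">I", nonce) + session_key)

def client_accepts(client_key: bytes, nonce: int, as_rep: bytes) -> bool:
    """Client side: the reply counts only if it decrypts AND echoes our nonce."""
    part = decrypt(client_key, as_rep)
    return part is not None and struct.unpack(">I", part[:4])[0] == nonce

def demo() -> Tuple[bool, bool]:
    client_key = string_to_key("correct horse", "EXAMPLE.ORG", "alice")  # constructed
    nonce = struct.unpack(">I", os.urandom(4))[0]
    honest = kdc_as_rep(client_key, nonce)           # real KDC shares alice's key
    rogue_key = string_to_key("guess", "EXAMPLE.ORG", "alice")
    rogue = kdc_as_rep(rogue_key, nonce)             # rogue KDC knows the nonce, not the key
    return client_accepts(client_key, nonce, honest), client_accepts(client_key, nonce, rogue)
```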
