Armor key negotiation in FAST

Greg Hudson ghudson at MIT.EDU
Fri Oct 26 11:08:53 EDT 2012


On 10/26/2012 07:27 AM, Simon.Jansen at t-systems.com wrote:
> I cannot see how the armor key is negotiated initially in the AS request.

See section 5.4.1 and in particular 5.4.1.1.

> I read in the MSDN (http://msdn.microsoft.com/en-us/library/hh536467%28v=prot.20%29.aspx) that clients first obtain a TGT for the computer principal. This conversation is not armored. Then they use the computer TGT for armoring the user's AS exchange. Is this the standard behavior or a Microsoft specific implementation?

The standard is mostly agnostic about how the ticket for a
FX_FAST_ARMOR_AP_REQUEST is obtained, but that's how the designers of
FAST envisioned it being used.  The assumption is that host keys are
strong, and therefore it isn't necessary to protect an AS request using
a host key from brute-force attacks.

Another way to obtain a ticket for the armoring request is to use
anonymous PKINIT.  This is more computationally expensive, so using a
TGT obtained with a host key is generally preferable if one exists.
