STARTTLS extension

Rick van Rein (OpenFortress) rick at openfortress.nl
Wed Oct 9 07:12:02 EDT 2013


Hi HJ,

Thanks!

> The plain network traffic between client and KDC is vulnerable to dictionary attacks on
> weak user passwords.

If I understand you correctly, you are saying that the packets themselves provide information
suitable for building dictionary attacks, and that, unlike the KDC, which could fend off heavy queries,
this is not the case after a login packet has been observed.

Please forgive me for not knowing the protocols yet -- it's only been 3 (intensive) weeks of
Kerberos for me.

This sounds like an SRP-based scheme would make a lot of sense for the exchange with the KDC.
Except that it isn't standardised AFAIK, and TLS is.  Your point is clear.

> There are already tunneling mechanisms available for MIT Kerberos
> like PKINIT and FAST but I find them rather complicated to implement.

Are you missing documentation perhaps?  Wouldn't surprise me, I've also missed guidance.

> TLS would make things definitely easier. The GNU Kerberos solution shishi has support
> for TLS for example.

TLS makes things easier to administer, except for certificate juggling and modern DANE
requirements, but I don't like its footprint of network traffic and verification time.  That's the
reason I asked -- curiosity about pros.


Thanks,

Rick van Rein
OpenFortress

