Challenging clients, why another ping-pong?

Rick van Rein rick at openfortress.nl
Mon Feb 3 09:41:35 EST 2014


Hello,

GSSAPI-based protocols have an option of challenging a client with a counter value.  This is done after the client submits a ticket.

Looking at SPNEGO (and probably other protocols as well) I see that the server can take the initiative for an GSSAPI exchange, and when doing so, it could already challenge the client.

The way I see it, asking a client to decrypt *anything* is possible, as long as the result is unpredictable to the client of course.  For instance, a random byte series could be created by the server and sent to the client for decryption.  Whatever the block cipher makes of that, is the proper answer; the server can make the same computation when it receives the ticket (with the session key) and the response to the challenge (decrypted with the session key).

This would save a back-and-forth hop.  Why is this not done?  Are there cryptographic reasons that I am missing?

Thanks,
 -Rick


More information about the Kerberos mailing list