Updated NAT fixes

Derek Atkins warlord at MIT.EDU
Fri Apr 12 10:23:00 EDT 2002

Nicolas Williams <Nicolas.Williams at ubsw.com> writes:

> Is it fair to say that between sequence numbers, sub-keys, replay
> caching for AP messages and directional host address there is no need
> for replay caching of priv/safe/cred messages?
> Nico

No, I think you still need to 'cache' priv/safe/cred messages.  I'm
not convinced that caching AP messages is sufficient to prevent a
replay attack.


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the krbdev mailing list