Updated NAT fixes

Derek Atkins warlord at MIT.EDU
Fri Apr 12 10:23:00 EDT 2002


Nicolas Williams <Nicolas.Williams at ubsw.com> writes:

> Is it fair to say that between sequence numbers, sub-keys, replay
> caching for AP messages and directional host address there is no need
> for replay caching of priv/safe/cred messages?
> 
> Nico

No, I think you still need to 'cache' priv/safe/cred messages.  I'm
not convinced that caching AP messages is sufficient to prevent a
replay attack.

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available


