Interoperability between MIT and Heimdal wrt to MIC verification?
Sam Hartman
hartmans at debian.org
Wed Nov 6 18:06:01 EST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've looked at the patch supplied and apparently what is happening is
that Heimdal does not use an IV for the sequence number in 3des MICs.
Unfortunately, the IV is part of the security of an RFC 1964 GSSAPI
mechanism's sequence number. The IV binds the sequence number to the
packet checksum to prevent an attacker from glueing a sequence number
from one packet into another. Without this binding, GSSAPI's replay
detection is broken.
As such, The MIT Kerberos Team has decided not to implement
compatibility in our gss_verify_mic with the current Heimdal
behavior.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>
iD8DBQE9yaAo/I12czyGJg8RAstWAJ9uNr7yfO95Zd/Thp3mi7dRK2zpnQCfd8y/
wOe3LRNzCG58MKbDzm+limo=
=sEOe
-----END PGP SIGNATURE-----
More information about the krbdev
mailing list