Support for Microsoft Set Password protocol
Love
lha at stacken.kth.se
Wed Apr 2 10:39:31 EST 2003
Nicolas Williams <Nicolas.Williams at sun.com> writes:
> On Wed, Apr 02, 2003 at 05:13:23PM +0200, Love wrote:
>> Why must the API depend on the protocol ?
[....]
> Perhaps the API should optionally allow the application to select a
> single protocol version to use to avoid the downgrade attack.
I think that the API should specify the type of security the client
requests. Allow (pointless) downgrade attack, allow unauthenticated error
messages, etc.
Options for functionality and security, not protocol type/version. Well, a
selection protocol option could exist, but that should be needed to be
specified.
Love