Can we sort preauth data in an AS reply
Nicolas.Williams at sun.com
Tue Oct 3 15:19:38 EDT 2006
On Tue, Oct 03, 2006 at 02:40:12PM -0400, Sam Hartman wrote:
> Under what circumstances is it reasonable for a client to process
> padata out of order? I'd assume it is reasonable to process any
> padata in a preauth_needed error that has no associated data out of
> order, but what about other circumstances?
That seems like a question for the KRB WG list. My tentative answer:
it'd be best if we could rely on ordered processing of padata, where the
order in which it's processed is the order in which it appears in the
PDU. BUT, from a security analysis point of view, for now we must
assume that padata have been re-ordered in-flight.
More information about the krbdev