summary of feedback on replay cache collision avoidance proposal
tlyu at MIT.EDU
Tue Dec 30 18:23:00 EST 2008
I have revised the project proposal page
to reflect some feedback.
Items that we appear to agree on:
* Hashing authenticator ciphertext is not a problem and is possibly
* Retaining the entire authenticator (either clear or ciphertext)
provides no security advantages.
* Binary data in extension is subject to truncation at null bytes by
old implementations, so we should avoid that.
* Whether to use a hash algorithm identifier: Greg has some convincing
arguments that we should not use one and should not incur the
additional complexity of implementing hash agility.
* General form of the extension encoding. We don't have to exactly
specify how future extensions will work as long as we don't paint
ourselves into a corner. I have suggested one (non-binary)
alternative on the project proposal page. The extension for the
hash currently includes a hash algorithm identifier, but I am not
strongly attached to the idea.
MIT Kerberos Consortium
More information about the krbdev