Projects/replay_cache_collision_avoidance and replay cache uses
Jeffrey Altman
jaltman at secure-endpoints.com
Mon Jan 5 16:51:37 EST 2009
Nicolas Williams wrote:
> In the case of KRB-PRIV/SAFE the best thing to do is to always use
> sequence numbers, not time, and to always assert sub-session keys. I'm
> not sure what protocols exist that use KRB-PRIV/SAFE much, but these
> come to mind:
>
> - kprop (but not iprop, which is RPC based) (uses sequence numbers)
> - kpasswd and RFC3244 (uses sequence numbers (at least in the MIT
> code-base))
> - set/change password v2 (I forget what the I-D says; I'll make sure it
> says to use sequence numbers)
>
> Are there others? (UName*It uses KRB-PRIV/SAFE, someone might want to
> check what it does. What about Zephyr and other Athena friends?)
Untold thousands of proprietary in-house applications.
Jeffrey Altman