Projects/replay_cache_collision_avoidance and replay cache uses

[Nicolas Williams]

I agree that the replay cache should do better for KRB-PRIV/SAFE/CRED.
The rest of this is really off-topic, but I can't resist.

On Mon, Jan 05, 2009 at 05:16:46PM -0500, Sam Hartman wrote:
> The problem with sequence numbers is they depend on sequencing.
> krb-priv and -safe do not have an ESP-like window.  So, if you have a
> UDP application and you want to support out-of-order packets, you're
> stuck using time.

If you're using time then out-of-order delivery is OK and so
sequenceing with a sliding window (like the GSS mech) should do.

> Now if you use subsession keys and we could assume that the scope of a
> subsession key is a single authcontext, we would not need to write out
> replay data.

Indeed.

(And if one is careful then one could avoid use of the replay cache for
authenticators in the case of certain protocols, like RPCSEC_GSS.)

>               However that may be a bad assumption in some of the
> cases where krb-priv is most attractive.

I don't understand this last comment.  Are you saying that there are
apps that use KRB-PRIV but not sub-session keys?  Or that it is
sometimes desirable to do just that?  If the latter, when?

Nico
--