Projects/replay_cache_collision_avoidance and replay cache uses
Nicolas.Williams at sun.com
Mon Jan 5 17:22:45 EST 2009
I agree that the replay cache should do better for KRB-PRIV/SAFE/CRED.
The rest of this is really off-topic, but I can't resist.
On Mon, Jan 05, 2009 at 05:16:46PM -0500, Sam Hartman wrote:
> The problem with sequence numbers is they depend on sequencing.
> krb-priv and -safe do not have an ESP-like window. So, if you have a
> UDP application and you want to support out-of-order packets, you're
> stuck using time.
If you're using time then out-of-order delivery is OK and so
sequenceing with a sliding window (like the GSS mech) should do.
> Now if you use subsession keys and we could assume that the scope of a
> subsession key is a single authcontext, we would not need to write out
> replay data.
(And if one is careful then one could avoid use of the replay cache for
authenticators in the case of certain protocols, like RPCSEC_GSS.)
> However that may be a bad assumption in some of the
> cases where krb-priv is most attractive.
I don't understand this last comment. Are you saying that there are
apps that use KRB-PRIV but not sub-session keys? Or that it is
sometimes desirable to do just that? If the latter, when?
More information about the krbdev