Projects/replay_cache_collision_avoidance and replay cache uses

Greg Hudson ghudson at MIT.EDU
Tue Jan 6 20:03:28 EST 2009

On Mon, 2009-01-05 at 15:34 -0600, Nicolas Williams wrote:
> If it's easy enough, sure.  But just so we're clear: KRB-PRIV/SAFE are
> not (or should not be) remotely the motivator for this project.

It's not terribly easy in all cases; sometimes, internal abstraction
barriers would have to be changed to make the appropriate data available
to the code which sets up the replay cache record.

After some discussion, I'm changing my plan regarding these other uses
of the replay cache.  For now, they won't supply message hashes, which
means they won't cause extension records to be written.  Only rd_req
will supply a message hash.  The door will still be open to making the
other uses supply message hashes in the future, of course.

If people know of real-life problems involving false positive replays on
mk_priv/rd_priv, mk_safe/rd_safe, mk_cred/rd_cred, or
verify_sam_response, speak up and I'll reconsider.

More information about the krbdev mailing list