Comments on the checksum vulnerabilities
hartmans at MIT.EDU
Fri Dec 3 13:57:54 EST 2010
>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
Greg> On Fri, 2010-12-03 at 13:31 -0500, Sam Hartman wrote:
>> Are there any differences between the Heimdal and MIT style
>> checks for current checksums?
Greg> Not really; I guess this isn't really a practical issue as
Greg> long as enctypes and checksums continue to be introduced in
Greg> lock step.
I think that's my argument.
The two models are likely to be the same unless we introduce a checksum
that is not in lock step with an enctype.
It would be difficult to do that for the reasons Greg described.
However if we did that, I'm not sure why we'd want the Heimdal model.
So, if the Heimdal model is easier to implement, I'm happy to switch to
it. I just think conceptually we'd be using the MIT model in the sense
that if we intentionally were to introduce a checksum that was a second
checksum for an enctyype, I'd expect us to permit code to work with that
checksum at the same time we introduced it.
More information about the krbdev