Authdata, preauth plugin headers
Linus Nordberg
linus at nordu.net
Mon Jun 13 10:47:55 EDT 2011
Sam Hartman <hartmans at MIT.EDU> wrote
Fri, 10 Jun 2011 13:13:34 -0400:
| Forc this protocol accepting replays is probably a bad idea.
What kind of OTP systems are vulnerable to replay attacks?
And what are the replay attacks? Could it be something else than
gaining a ticket, f.ex. desynchronising? Do we have replay attacks on
_parts_ of the chain that we have to protect against?
The OTP preauth draft touches on the subject in section 6.4 but I think
I'd need some more thoughts.
More information about the krbdev
mailing list