Proposal for using NAPTR/URI records
Nathaniel McCallum
npmccallum at redhat.com
Tue Feb 24 13:19:50 EST 2015
On Tue, 2015-02-24 at 11:15 -0600, Nico Williams wrote:
> I should add that I'm assuming that an MITM wouldn't be able to get
> away with modifying important bits of the protocol because we
> authenticate all contents (or all that matters). So the main
> problem would be information leaks and other problems with getting
> redirected, such as (stretching here) changing the trust anchors
> that the AS' PKINIT cert is to get validated to.

MITM attack isn't a property limited only to MS-KKDCP. It is possible
at pretty much every level. Any attack possible over MS-KKDCP is
possible pretty much everywhere. In fact, I consider MS-KKDCP *more*
secure given that it goes over TLS and the TLS connection is validated.
Frankly, I'd like to see us drop the TLS requirement for MS-KKDCP...
But now I'm really stirring the pot. :)

The point is that Kerberos should always presume that transport is
insecure. Given this, adding additional hoops for a transport that
provides authenticated encryption for at least part of the journey
seems wrong.

Nathaniel