Proposal for using NAPTR/URI records
Simo Sorce
simo at redhat.com
Tue Feb 24 13:24:19 EST 2015
On Tue, 2015-02-24 at 13:19 -0500, Nathaniel McCallum wrote:
> On Tue, 2015-02-24 at 11:15 -0600, Nico Williams wrote:
> > I should add that I'm assuming that an MITM wouldn't be able to get
> > away with modifying important bits of the protocol because we
> > authenticate all contents (or all that matters). So the main
> > problem would be information leaks and other problems with getting
> > redirected, such as (stretching here) changing the trust anchors
> > that the AS' PKINIT cert is to get validated to.
>
> MITM attack isn't a property limited only to MS-KKDCP. It is possible
> at pretty much every level. Any attack possible over MS-KKDCP is
> possible pretty much everywhere. In fact, I consider MS-KKDCP *more*
> secure given that it goes over TLS and the TLS connection is validated.
>
> Frankly, I'd like to see us drop the TLS requirement for MS-KKDCP...
> But now I'm really stirring the pot. :)
>
> The point is that Kerberos should always presume that transport is
> insecure. Given this, adding additional hoops for a transport that
> provides authenticated encryption for at least part of the journey
> seems wrong.
It seem to me the problem here is understanding what assumptions are
being made here.
Nico, can you state on which assumptions you are making your comments ?
I can't see any *additional* attack introduced by MS-KKDCP, but it seem
you are assuming MS-KKDCP introduces additional assumptions I may not be
aware of.
Care to clarify ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list