Proposal for using NAPTR/URI records

Simo Sorce simo at
Tue Feb 24 13:24:19 EST 2015

On Tue, 2015-02-24 at 13:19 -0500, Nathaniel McCallum wrote:
> On Tue, 2015-02-24 at 11:15 -0600, Nico Williams wrote:
> > I should add that I'm assuming that an MITM wouldn't be able to get 
> > away with modifying important bits of the protocol because we 
> > authenticate all contents (or all that matters).  So the main 
> > problem would be information leaks and other problems with getting 
> > redirected, such as (stretching here) changing the trust anchors 
> > that the AS' PKINIT cert is to get validated to.
> MITM attack isn't a property limited only to MS-KKDCP. It is possible 
> at pretty much every level. Any attack possible over MS-KKDCP is 
> possible pretty much everywhere. In fact, I consider MS-KKDCP *more* 
> secure given that it goes over TLS and the TLS connection is validated.
> Frankly, I'd like to see us drop the TLS requirement for MS-KKDCP... 
> But now I'm really stirring the pot. :)
> The point is that Kerberos should always presume that transport is 
> insecure. Given this, adding additional hoops for a transport that 
> provides authenticated encryption for at least part of the journey 
> seems wrong.

It seem to me the problem here is understanding what assumptions are
being made here.

Nico, can you state on which assumptions you are making your comments ?
I can't see any *additional* attack introduced by MS-KKDCP, but it seem
you are assuming MS-KKDCP introduces additional assumptions I may not be
aware of.

Care to clarify ?


Simo Sorce * Red Hat, Inc * New York

More information about the krbdev mailing list