[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Groups - sstc-saml-schema-authn-context-kerberos-1.0.xsduploaded
Tim, I can't claim to know everything that the original author was thinking of when he created these categories for the authentication context, but my understanding of the "dynamic" nature of this particular plaintext is that some piece of dynamically-generated information is included in the plaintext that is encrypted with the session key - so, the timestamp, that I believe is included in the "plaintext", would qualify as dynamic plaintext... - JohnK ext Tim Alsop wrote: >John, > >The words 'shared secret' are definitely applicable to Kerberos, but I >am not sure what is meant by 'dynamic' or 'plaintext' in this context. >All ciphers involve some form of plaintext and ciphertext, so what is >dynamic about the plaintext used during Kerberos authentication ? > >Cheers, >Tim. > >-----Original Message----- >From: John Kemp [mailto:john.kemp@nokia.com] >Sent: 07 July 2004 14:35 >To: Tim Alsop >Cc: security-services@lists.oasis-open.org >Subject: Re: [security-services] Groups - >sstc-saml-schema-authn-context-kerberos-1.0.xsd uploaded > >Hi Tim, > >ext Tim Alsop wrote: > > > >>It is not clear to me why references are made to challenge response - >>can you explain this element and how it would be used with Kerberos >>authentication ? >> >> >> >> >> >I had modelled the Kerberos protocol as a challenge-response using a >shared secret (<SharedSecretChallengeResponse>), but I think this is >actually incorrect, and it should be modelled as ><SharedSecretDynamicPlaintext>. > >Thoughts? > >Cheers, > >- JohnK > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]