[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: KERBEROS PROFILE: ISSUE Ticket Granting Ticket
I believe that the Ticket Granting Ticket should be eliminated from the Kerberos profile. The only valid use for a TGT is with the Kerb key derrivation algorithm. That has no place in WS-Security. If it does appear it would be in WS-Trust or the like and not in WS-Security. Encrypting a WS-Security message with a TGT could lead to cross protocol attacks. Really bad voodoo. I propose that unless someone gives a good reason to keep TGT in the Kerb profile and describes fully how to use it that we should eliminate it.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]