OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: KERBEROS PROFILE: ISSUE Ticket Granting Ticket

I believe that the Ticket Granting Ticket should be eliminated from the
Kerberos profile.

The only valid use for a TGT is with the Kerb key derrivation algorithm.
That has no place in WS-Security. If it does appear it would be in WS-Trust
or the like and not in WS-Security.

Encrypting a WS-Security message with a TGT could lead to cross protocol
attacks. Really bad voodoo. I propose that unless someone gives a good
reason to keep TGT in the Kerb profile and describes fully how to use it
that we should eliminate it.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]