[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: text of Kerebos Channel binding and GSS-API (kerebos WG list)
Found another Point of view on the web.... - Channel binding Section 4, last paragraph (lines 214-215) says "It should be noted that transport-level security MAY be used to protect the message and the security token." I think this needs some clarification. Why should the AP-REQ message require additional protection from lower layers? From what sorts of attacks? What if no such protection is available? Shouldn't the session key from the AP-REQ be used to provide integrity protection to the S11 header? Or is this text indicating, obliquely I suppose, that it is possible to use this profile for authentication but rely on lower network layers for session protection? If the latter, note that there is a channel binding problem in that more normative text is needed to ensure that the end-points of the lower-layer channel and the application layer are effectively the same, else MITM attacks may be possible. [Note: I assume that the "transport-level security" is secure against MITM attacks, but MITM attacks may be feasible nonetheless by misdirecting the system/application so that one layer or the other it is speaking to an otherwise properly authenticated attacked.] This can be avoided with some additional requirements.<SNIP> http://www1.ietf.org/mail-archive/web/kitten/current/msg00496.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]