samba-technical@lists.samba.org

Re: Security impact of removing timestamp check in rd_rep()

From: Sam Hartman
Date: Mon, 16 May 2005 11:31:24 -0400
>>>>> "Andrew" == Andrew Bartlett <abartlet@xxxxxxxxx> writes:

    Andrew> I've been thinking about this, and would like a reality
    Andrew> check:

    Andrew> If krb5 had included this originally (assume it was
    Andrew> mandatory), this would have eliminated the need for the
    Andrew> reply cache, right?

Yep, and a lot of us wish krb5 had included this from the beginning.


Note that there are a lot of protocols for which this would be
inappropriate.  For example multimedia keying really seems to want to
do things in one round trip.  However when available it would be nice
to get rid of the replay cache.
