IETF-SSH archive
RE: gss userauth
I'm in favor of using channel bindings for this purpose.
CCM could be one approach to do this.
http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-ccm-01.txt
At first glance it seems a little complex, but I need to actually read
the spec.
Joe
> -----Original Message-----
> From: ietf-ssh-owner%NetBSD.org@localhost
> [mailto:ietf-ssh-owner%NetBSD.org@localhost] On Behalf Of Joel N. Weber II
> Sent: Friday, August 22, 2003 9:45 AM
> To: Love
> Cc: ietf-ssh%NetBSD.org@localhost
> Subject: Re: gss userauth
>
>
> > I've pointed out this to the authors privately, so I'll repeat this
> > publicly. I consider gss userauth to be broken since it doesn't verify
> > the session id (using either mic or a channel bindings (like in CCM)).
>
> I'd not previously realized this, having not read that
> section of the gss spec, but that does appear to me to be
> true, and I do agree that it is something that should be fixed.
>
> (I'm sending this message primarily because my understanding
> is that ``me toos'' are useful in determining what the
> working group consensus is.)
>
>
>