Sam Hartman <hartmans%mit.edu@localhost> writes: > The mechanism does as good of a job as it can for such cases. In such > cases, GSSAPI tokens are like one-time passwords. We know that if an > attacker manages to tunnel them or otherwise get ahold of the token > before the token reaches the server (and the server's replay cache), > then the token can be used by the attacker. It could do better if it did channel bindings with session identifier in application data using GSS_C_AF_NULLADDRs. Then gss mechs without integrity support but with (in gss spec optional) channel binding support would not be vulnerable to tunneling. But then again, this (also) would break backward compability. Love
Attachment:
pgpQKJtmKlJeX.pgp
Description: PGP signature