Re: gss userauth

To: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Subject: Re: gss userauth
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Tue, 26 Aug 2003 17:14:28 -0400

On Tuesday, August 26, 2003 13:56:18 -0700 Nicolas Williams<Nicolas.Williams%sun.com@localhost> wrote:

(2) Add an additional step in which the client is required to send a MIC
of the session ID before authentication can succeed.  This is
essentially the same as what we do in key exchange, but in the reverse
direction.


This MIC can be sent as soon as the context is GSS_C_PROT_READY, on
whichever side it's PROT_READY first.  Though, it may be easiest to fit
it into the last message from the client.

No; the direction actually matters. A MIC sent from the server to theclient does not serve to bind the session to the client's identity, andthus does not solve the problem we are trying to address.

Follow-Ups:
- Re: gss userauth
  - From: Nicolas Williams

References:
- RE: gss userauth
  - From: Joseph Salowey
- RE: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Nicolas Williams

Prev by Date: Re: gss userauth
Next by Date: Re: gss userauth
Previous by Thread: Re: gss userauth
Next by Thread: Re: gss userauth
Indexes:

Home | Main Index | Thread Index | Old Index