Re: Ambiguities in section 3.1 of the keyboard-interactive draft

To: Damien Miller <djm%mindrot.org@localhost>, Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Subject: Re: Ambiguities in section 3.1 of the keyboard-interactive draft
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Thu, 30 Sep 2004 12:12:30 -0400

On Thursday, September 30, 2004 17:24:17 +1000 Damien Miller<djm%mindrot.org@localhost> wrote:

I'm not sure what you would have us do: kbdint doesn't seem to provide a
way for a server to report supported methods to a client and I don't
think it is correct to just ignore what a client has specified and
continue with a random method that the server picks.

Indeed. Imagine the scenario where a user has a Kerberos password and somekind of challenge/response token. Now, suppose the user comes in to workand leaves the token home. He wants to use Kerberos, so he sends asubmethod list containing "kerb5". The server doesn't support "kerb5",because the method is called "krb5".


Now, should the server
(a) fail the exchange, reporting that it can't support any of the methods
   the user asked for
(b) continue by arbitrarily selecting the method that requires the
   challenge/response token which the user left at home

?

References:
- Re: Ambiguities in section 3.1 of the keyboard-interactive draft
  - From: Peter Gutmann
- Re: Ambiguities in section 3.1 of the keyboard-interactive draft
  - From: Damien Miller

Prev by Date: Re: Ambiguities in section 3.1 of the keyboard-interactive draft
Next by Date: Re: Ambiguities in section 3.1 of the keyboard-interactive draft
Previous by Thread: Re: Ambiguities in section 3.1 of the keyboard-interactive draft
Next by Thread: Re: Ambiguities in section 3.1 of the keyboard-interactive draft
Indexes:

Home | Main Index | Thread Index | Old Index