[kitten] One question about Kerberos Protocol in the RFC 4120
bc a <mrcatcrack@gmail.com> Wed, 18 August 2021 15:54 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/5Yk9cBBjdNhLbYbMq8XbC-0_zUg>
Dear Kitten members,

I'm Xiaoxing Xu and I'm a cyber security researcher from China. I had a question about Kerberos v5 when I read the RFC 4120 paper, and I hope to get your reply.

The question is: I see the "key" appears in the "enc-part" field in the "tickets" chapter of section 5.3, just as the first picture shows, and the "key" is used to pass the session key. So we can think the authentication server creates a session key and puts it in the "enc-part" of the "tickets" field in the AS-REQ phase.

[image: image.png]

Then in section 5.4.2, I found that there is also a "key" in the "enc-part" of "KDC-REP"; that is to say, there is also a "key" in the "enc-part" of the AS-REP phase, not the "enc-part" of the "ticket". So I want to know whether it can be considered that the authentication server creates two "keys" in the AS-REP phase, one in the "enc-part" of the "ticket" field and the other in the separate "enc-part", and whether these two "key" values are the same.

Thank you so much for your help.

[image: image.png]

Best regards,
Xiaoxing Xu
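Added example, not part of the original message or of RFC 4120: in the AS exchange the KDC generates one session key and places a copy in the ticket's enc-part (encrypted in the server's key, section 5.3) and a copy in the KDC-REP's enc-part (encrypted in the client's key, section 5.4.2). The sketch below models that with a toy HMAC-based cipher standing in for a real Kerberos encryption type; the helper names, principals and JSON encoding are assumptions made for illustration.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Toy stand-in for Kerberos EncryptedData (not a real etype)."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or modified data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def as_exchange(client_key, service_key, cname, sname):
    """KDC side: one fresh session key, copied into both encrypted parts."""
    session_key = os.urandom(32).hex()
    enc_ticket_part = {"key": session_key, "cname": cname}   # EncTicketPart, 5.3
    enc_kdc_rep_part = {"key": session_key, "sname": sname}  # EncKDCRepPart, 5.4.2
    ticket = {"sname": sname, "enc-part": seal(service_key, enc_ticket_part).hex()}
    return {"ticket": ticket, "enc-part": seal(client_key, enc_kdc_rep_part).hex()}

def demo():
    # Constructed long-term keys and principal names.
    client_key, tgs_key = os.urandom(32), os.urandom(32)
    rep = as_exchange(client_key, tgs_key, "alice", "krbtgt/EXAMPLE.COM")
    # The client opens only the reply's own enc-part.
    client_view = unseal(client_key, bytes.fromhex(rep["enc-part"]))
    # The ticket-granting service later opens the ticket's enc-part.
    service_view = unseal(tgs_key, bytes.fromhex(rep["ticket"]["enc-part"]))
    try:
        unseal(client_key, bytes.fromhex(rep["ticket"]["enc-part"]))
        client_can_open_ticket = True
    except ValueError:
        client_can_open_ticket = False
    return client_view["key"], service_view["key"], client_can_open_ticket
```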