Re: [secdir] secdir review of draft-yount-krb-cred-clear-text-01.txt

Sam Hartman <hartmans-ietf@mit.edu> Thu, 18 August 2011 22:22 UTC

From: Sam Hartman <hartmans-ietf@mit.edu>
To: Russell J Yount <rjy@cmu.edu>
References: <EBDDC31C-A2D0-4FF5-8EE8-D7061EA23805@kumari.net> <tslhb5e31v8.fsf@mit.edu> <26BE721B42199440805DB836552EA796053F1A@PGH-MSGMB-03.andrew.ad.cmu.edu>
Date: Thu, 18 Aug 2011 18:23:15 -0400
In-Reply-To: <26BE721B42199440805DB836552EA796053F1A@PGH-MSGMB-03.andrew.ad.cmu.edu> (Russell J. Yount's message of "Thu, 18 Aug 2011 21:24:14 +0000")
Message-ID: <tslk4aa1hrg.fsf@mit.edu>
Cc: "draft-yount-krb-cred-clear-text.all@tools.ietf.org" <draft-yount-krb-cred-clear-text.all@tools.ietf.org>, Sam Hartman <hartmans-ietf@mit.edu>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
List-Id: Security Area Directorate <secdir.ietf.org>

>>>>> "Russell" == Russell J Yount <rjy@cmu.edu> writes:

    Russell> Sam, I was thinking an intermediate node resending a number
    Russell> of KRB-CRED messages could substitute previously received
    Russell> KRB-CRED messages.

    Russell> E.g., a node receives Joe's credentials and forwards Joe's
    Russell> credential.  The node receives Jill's credentials and forwards
    Russell> Joe's credential.  Whatever action Jill's credentials were to
    Russell> be used to perform would now be performed as Joe.

Right, such a thing can happen.
Part of hop-by-hop security is trusting the hops.
There are situations where this is appropriate and situations where it
is entirely inappropriate.
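The substitution Russell describes, modelled as an added example that is not part of this thread or of the draft: a forwarding chain in which one hop replays the first KRB-CRED it saw, and two receiver policies, one that trusts the hops entirely and one that binds the credential's named principal to the identity the receiver already established for the request. The field names pname/prealm are borrowed from the KrbCredInfo structure of RFC 4120; the hop classes, `deliver`, the two `accept_*` policies and the expected-principal argument are constructed for the illustration.

```python
# Added example: toy model of KRB-CRED forwarding through intermediate hops.
# Not the draft's or any implementation's code; structures are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class KrbCred:
    pname: str   # client principal named inside the credential (RFC 4120 KrbCredInfo)
    prealm: str
    ticket: str  # opaque stand-in for the forwarded ticket


class HonestHop:
    """Forwards exactly what it received."""
    def forward(self, cred: KrbCred) -> KrbCred:
        return cred


class SubstitutingHop:
    """Keeps the first KRB-CRED it sees and forwards that one for everybody
    afterwards: Jill's request leaves this hop carrying Joe's credential."""
    def __init__(self) -> None:
        self.kept: KrbCred | None = None

    def forward(self, cred: KrbCred) -> KrbCred:
        if self.kept is None:
            self.kept = cred
        return self.kept


def deliver(hops: list, cred: KrbCred) -> KrbCred:
    """Push one KRB-CRED through the chain of hops and return what arrives."""
    for hop in hops:
        cred = hop.forward(cred)
    return cred


def accept_trusting(expected_principal: str, cred: KrbCred) -> str:
    """Hop-by-hop trust: act as whoever the arriving credential names."""
    return cred.pname


def accept_bound(expected_principal: str, cred: KrbCred) -> str:
    """Receiver already knows (e.g. from its own authenticated session with
    the requester) whom it is acting for; a credential naming anyone else is
    rejected, which is what exposes a substituting hop."""
    if cred.pname != expected_principal:
        raise ValueError(f"KRB-CRED names {cred.pname!r}, expected {expected_principal!r}")
    return cred.pname
```

The check in `accept_bound` only helps when the receiver has an identity for the requester that did not itself travel through the untrusted hop; with nothing but the forwarded KRB-CRED to go on, the receiver is back to trusting the hops.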