SSL and Kerberos
From: Leland T. Snyder (ltsnyder@x3ci.com)
Date: 02/07/03
- Previous message: Max Schubert: "Re: Perl administration for Linux fileserver"
- Next in thread: Seth Arnold: "Re: SSL and Kerberos"
- Reply: Seth Arnold: "Re: SSL and Kerberos"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Leland T. Snyder" <ltsnyder@x3ci.com> To: <focus-linux@securityfocus.com> Date: Fri, 7 Feb 2003 12:23:15 -0500
Is there any rational in using SSL and kerberos? Let me explain before you
say no.
Let's say I have a service that you log into using SSL.
Since the public key and private keys are the same and the handshake is the
same (i.e. you know the first packets are for login/password) even thoe as a
sniffer of the packets I can't read them. I could still spoof the clients
encrypted packets and at least make the service think it has a valid client,
even thoe I still can read the packets (I just can fake the initial protocol
with the unreadable packets I sniffed). Since Kerberos has a time based
factor for the public key an additional level of security exists while SSL
lacks this.
Thanks in advance for your help.
-Leland
- Next message: Leland T. Snyder: "Re: openSSL Key generation"
- Previous message: Max Schubert: "Re: Perl administration for Linux fileserver"
- Next in thread: Seth Arnold: "Re: SSL and Kerberos"
- Reply: Seth Arnold: "Re: SSL and Kerberos"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
