Re: SSL and Kerberos

From: Chris Ricker (kaboom@gatech.edu)
Date: 02/10/03

    Date: Mon, 10 Feb 2003 09:32:36 -0700 (MST)
    From: Chris Ricker <kaboom@gatech.edu>
    To: focus-linux@securityfocus.com
    
    

    On Fri, 7 Feb 2003, Seth Arnold wrote:

    > The SSL handshake involves computing shared values from random sources
    > of information. So the handshake will look different with every SSL
    > connection. By the time that the application's data (login/passwd) is
    > sent, the two sides have negotiated a new shared key for the connection,
    > and are using new random initialization vectors, to ensure that
    > dictionary attacks and replay attacks cannot take place.
    >
    > Where SSL and Kerberos make the most sense is when you'd like the
    > traffic of the session to be private to the two endpoints. Kerberos does
    > a good job of providing authentication, but does nothing for secrecy of
    > the established connection. SSL can actually do both authentication and
    > secrecy, but is lacking the centralized framework of Kerberos.

    Kerberos does secrecy as well -- most common Kerberized protocols provide
    an option to encrypt the entire session after authentication. Look at, for
    example, the -x and encrypt options to ktelnet.

    later,
    chris
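
The per-connection key derivation described in the quoted text, as an added example that is not part of the original thread: it uses the TLS 1.2 PRF from RFC 5246 as a concrete stand-in for the SSL-era construction, with a simplified record MAC. The function names, the fixed pre-master secret and the sample login record are constructed for this illustration.

```python
import hashlib
import hmac
import os

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Derive per-connection MAC keys from the random values exchanged in the handshake."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random, 64)
    return {"client_mac": block[:32], "server_mac": block[32:64]}

def tag_record(keys: dict, seq: int, payload: bytes) -> bytes:
    """Simplified record MAC: HMAC over the 64-bit sequence number and the payload."""
    data = seq.to_bytes(8, "big") + payload
    return hmac.new(keys["client_mac"], data, hashlib.sha256).digest()

def accepts(keys: dict, seq: int, payload: bytes, tag: bytes) -> bool:
    """Receiver-side check: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(tag_record(keys, seq, payload), tag)

def replay_demo() -> tuple:
    # Constructed worst case: the pre-master secret is held fixed, so only the
    # fresh client/server randoms distinguish the two connections.
    pre_master = b"\x03\x03" + bytes(46)
    payload = b"login=alice&passwd=constructed-example"
    conn1 = session_keys(pre_master, os.urandom(32), os.urandom(32))
    conn2 = session_keys(pre_master, os.urandom(32), os.urandom(32))
    captured = tag_record(conn1, 0, payload)        # record sniffed from connection 1
    return (
        accepts(conn1, 0, payload, captured),       # original delivery
        accepts(conn2, 0, payload, captured),       # replayed into a new connection
        accepts(conn1, 1, payload, captured),       # replayed later in the same connection
    )

if __name__ == "__main__":
    print(replay_demo())
```

Only the original delivery verifies; the same captured record is rejected in a new connection and at a later sequence number in the same one.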


