1995-01-27 - Re: CERT statement

Header Data

From: Thomas Grant Edwards <tedwards@src.umd.edu>
To: “Perry E. Metzger” <perry@imsi.com>
Message Hash: 205dfa55cdcd4758259432c8ae4c2d860c9dcdaa7500b7fe5fa6b6e0e1d521c0
Message ID: <Pine.SUN.3.91.950127134421.22225A-100000@thrash.src.umd.edu>
Reply To: <9501270006.AA17831@snark.imsi.com>
UTC Datetime: 1995-01-27 18:50:35 UTC
Raw Date: Fri, 27 Jan 95 10:50:35 PST

Raw message

From: Thomas Grant Edwards <tedwards@src.umd.edu>
Date: Fri, 27 Jan 95 10:50:35 PST
To: "Perry E. Metzger" <perry@imsi.com>
Subject: Re: CERT statement
In-Reply-To: <9501270006.AA17831@snark.imsi.com>
Message-ID: <Pine.SUN.3.91.950127134421.22225A-100000@thrash.src.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Jan 1995, Perry E. Metzger wrote:

> Kerberos per se isn't sufficient to defend against session hijacking
> attacks, you know. The situation in question is really insidious and
> requires packet-by-packet cryptographic authentication.

Do you really need to authenticate every packet?  Isn't it enough to 
authenticate the party and perform a secure key exchange, then depend on 
the encryption (+ message authentication code for block ciphers)?

-Thomas





