[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)

To: ietf-kink@xxxxxxxx
Subject: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
From: "KAMADA Ken'ichi" <kamada@xxxxxxxxxx>
Date: Wed, 30 Nov 2005 11:42:00 +0900
Cc: ietf-krb-wg@xxxxxxx
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-kink/mail-archive/>
List-id: <ietf-kink.vpnc.org>
List-unsubscribe: <mailto:ietf-kink-request@vpnc.org?body=unsubscribe>
References: <541E2F6964443FE48495C910@bistromath.pc.cs.cmu.edu> <> <9976DC82CBFEFFEEE619CA06@sphinx.andrew.cmu.edu> <>
Sender: owner-ietf-kink@xxxxxxxxxxxxx
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/22.0.50 (i386-unknown-netbsdelf3.99.9) MULE/5.0 (SAKAKI)

At Tue, 29 Nov 2005 15:39:04 -0600,
Nicolas Williams <Nicolas.Williams@xxxxxxx> wrote:
> 
> > I did notice that section 4.2.7 KINK_ENCRYPT does not specify what key is 
> > used, only that it
> > "is encrypted using the encryption algorithm specified by the etype of the 
> > session key"
> 
> Hmmm, mumble, mumble, reflection attacks, mumble, mumble.
> 
> Shouldn't KINK derive separate keys for each direction for the "cksum"
> and KINK_ENCRYPT payload fields?  Or is there inherent protection from
> reflection attacks in the actual message flow?

The KINK_ENCRYPT payload is tied with AP-REQ (or AP-REP) with the
Cksum field.
I thought it is enough to prevent reflection.  Isn't it?

-- 
KAMADA Ken'ichi <kamada@xxxxxxxxxx>

Follow-Ups:
- Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
  - From: Sam Hartman

References:
- Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
  - From: Nicolas Williams
- Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
  - From: Nicolas Williams

Prev by Date: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Next by Date: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Previous by thread: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Next by thread: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Index(es):
- Date
- Thread