[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: application layer cross checking



It's because all the kerberized entities trust the TGA.
What you're proposing here is, let's use the key exchange
machanism we're using for IPsec, also for application
authentication. But it does not mean that one needs to
mix these two different matters.

Ramin

On Thu, May 03, 2001 at 02:28:57PM -0700, Michael Thomas wrote:

> Ramin Alidousti writes:
>  > Take ssh for instance. It guarantees the secure communication
>  > channel. It also passes the userid/username to the other end.
>  > But it does not mean that the sshd on the other end says:
>  > "Oh, Mr XYZ, I believe who you are and the doors are wide
>  > open. Please do come in".
> 
>    Not at all. As with Kerberos, if you pass the credentials
>    to the other side and key those packets under that session
>    key, it doesn't matter whether you send your username...
>    Unless the application stupidly believes that username
>    when cryptographically proveable credentials were available.
> 
>  > As I said before, even if the OS passes the user information,
>  > the other end NEEDS to challenge that id. 
> 
>    Challenge it in what way? If it's been cryptographically
>    been challenged at the IPsec layer, all I need to do
>    is do a strcmp to see if it matches the credentials it's
>    using at the application layer. That assumes a 1:1 
>    mapping, but that's likely to be just fine for many
>    applications.
> 
>  >  Application level
>  > authentication is not the same as AH/ESP authentication
>  > (as it stands).
> 
>    It's not necessarily the same, but it may be the same.
>    When it is, it relieves the application of having to
>    deal with identity -- which just about nothing gets
>    right. Also: I don't think this is any more of a layer violation
>    as passing up the IP address, etc, in recvfrom().
> 
>       Mike


References: