Hi, I have a further question referring to the following part of the previous conversation.
>> So the security of the whole tunnel is based on the strength of the >> long-term host key. > >Yes. Why is the armor built and why don't they use simply the long-term key of the host? >From my current point of view they want a fresh armorkey for each conversation >to decrease the vulnerability to replay attacks. But referring to page 31 of >the RFC 6113 a nonce is included in the client request. So the chance to mount >a replay attack should be decreased already. Are there any other advantages >that come up with the generation of the armor key? Regards, Simon ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
