Grant Taylor <[email protected]> writes:
> On 01/07/2019 10:53 AM, Russ Allbery wrote:
>> The standard solution for this is FAST, which protects the initial
>> authentication against this attack. (You do need some other credential
>> to set up the FAST tunnel, but you can use anonymous Diffie-Hellman via
>> anonymous PKINIT, or you can use a randomized key.)
> Would you please expand (what I assume is) the FAST acronym? I expect
> that there will be quite a few phonetic collisions searching for "FAST".
I think it stands for Flexible and Secure Tunneling. It's defined in:
https://tools.ietf.org/html/rfc6113.html
The keywords "kerberos fast" in Google seem to turn up the right stuff
(rather more than I had expected; I like you was expecting that to be
drowned by performance stuff).
--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
