Adam Megacz wrote: > Right. I guess the question I'm asking is can this be made robust > enough that the KDC can issue tickets for certs certified by a CA who > might decide to try to overload the KDC by issuing a bajillion "spam > certificates" and ask for a principal to be allocated for each one of > them, thereby filling up the KDC's disk if it needs to keep an on-disk > record of all principals for whom it has issued tickets.
In this case the proper response would be to stop issuing new principals and page an Administrator who would likely take the CA off the trust list. You are assuming of course that the KDC is trusting a CA that would be in a position to perform that type of attack. Do you envision a model in which every realm is willing to issue principals for client certificates issued by every CA? For me that would be an auditing nightmare as the same certificate could be used to obtain N Kerberos principals. Jeffrey Altman P.S. - This discussion is extremely off-topic for this list. Can we please move it somewhere appropriate? I suggest the [email protected] mailing list.
smime.p7s
Description: S/MIME Cryptographic Signature
