17 Dec
2003
17 Dec
'03
11:17 p.m.
On Thu, 26 Jan 1995, Perry E. Metzger wrote:
Kerberos per se isn't sufficient to defend against session hijacking attacks, you know. The situation in question is really insidious and requires packet-by-packet cryptographic authentication.
Do you really need to authenticate every packet? Isn't it enough to authenticate the party and perform a secure key exchange, then depend on the encryption (+ message authentication code for block ciphers) ? -Thomas