CERT statement

Perry E. Metzger perry at imsi.com
Thu Jan 26 16:07:07 PST 1995



Marc Horowitz says:
> You're exactly right.  However, getting people to deploy real security
> systems is nearly impossible.  My company sells a kerberos system, and
> although everyone is saying they want security, nobody really
> understands what this means, and as soon as we tell them that it
> actually involves effort, they become far less interested.

Kerberos per se isn't sufficient to defend against session hijacking
attacks, you know. The situation in question is really insidious and
requires packet-by-packet cryptographic authentication.

Perry






More information about the cypherpunks-legacy mailing list