CERT statement
Thomas Grant Edwards
tedwards at src.umd.edu
Fri Jan 27 10:50:35 PST 1995
On Thu, 26 Jan 1995, Perry E. Metzger wrote:
> Kerberos per se isn't sufficient to defend against session hijacking
> attacks, you know. The situation in question is really insidious and
> requires packet-by-packet cryptographic authentication.
Do you really need to authenticate every packet? Isn't it enough to
authenticate the party and perform a secure key exchange, then depend on
the encryption (+ message authentication code for block ciphers) ?
-Thomas
More information about the cypherpunks-legacy
mailing list