Bugtraq mailing list archives
Re: Plain text passwords--necessary
From: dfinkels () SIAC COM (Daniel Alex Finkelstein)
Date: Mon, 19 Apr 1999 18:23:14 -0400
And we could go even further: certificates. The DCE-PKI RFC 68.4 takes Kerberos to a new level: certificate-granting-certificates. This RFC specifies the extension of DCE (particularly the Kerberos part) to include certificate capabilities. I'd provide the URL to the RFC, but it seems to have vanished from all the usual sites...

On Mon, 19 Apr 1999, Trevor Schroeder wrote:

> It seems to me that a lot of this could be avoided using tickets similar to Kerberos. We have a trusted third party (TTP) that receives your credentials once and returns a ticket for a set of services with a given lifetime. This ticket is good only within a certain context (certain services, servers, clients, times, dates, you name it and it can be rolled into the ticket). That way if the ticket is compromised, it is of limited use (versus a full blown password which may be useful in other contexts.)

Daniel Alex Finkelstein
New Technologies
phone 212-383-2951
pager 917-427-1630
fax 212-383-3289
Securities Industry Automation Corporation
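
The scoped-ticket idea quoted in the message above, as an added example that is not part of the original post or of any Kerberos/DCE code. It is a simplified sketch, not the Kerberos wire format: the per-service keys, the field names and the HMAC tag (standing in for Kerberos ticket encryption) are all assumptions.

```python
import base64, hashlib, hmac, json

# Constructed keys, each shared only between the TTP and one service (assumption).
SERVICE_KEYS = {"mail": b"constructed-mail-key", "files": b"constructed-files-key"}

def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

def issue_ticket(password_ok, client, client_addr, service, now, lifetime):
    """TTP side: credentials are checked once, then a scoped ticket is returned."""
    if not password_ok:
        raise PermissionError("credentials rejected")
    claims = {"client": client, "addr": client_addr, "service": service,
              "not_before": now, "not_after": now + lifetime}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = _tag(SERVICE_KEYS[service], body)
    return base64.b64encode(body).decode() + "." + base64.b64encode(tag).decode()

def verify_ticket(ticket, service, peer_addr, now):
    """Service side: return the client name, or raise with the reason for refusal."""
    try:
        body_b64, tag_b64 = ticket.split(".")
        body = base64.b64decode(body_b64, validate=True)
        tag = base64.b64decode(tag_b64, validate=True)
    except ValueError:
        raise PermissionError("malformed ticket")
    # Constant-time comparison; a ticket issued for another service fails here
    # because that service's key produced the tag.
    if not hmac.compare_digest(tag, _tag(SERVICE_KEYS[service], body)):
        raise PermissionError("bad tag")
    claims = json.loads(body)
    if claims["service"] != service:
        raise PermissionError("wrong service")
    if claims["addr"] != peer_addr:
        raise PermissionError("wrong client address")
    if not claims["not_before"] <= now <= claims["not_after"]:
        raise PermissionError("outside lifetime")
    return claims["client"]

if __name__ == "__main__":
    # Constructed sample values: client, address and timestamps are illustrative.
    t = issue_ticket(True, "alice", "192.0.2.10", "mail", now=1000, lifetime=300)
    print(verify_ticket(t, "mail", "192.0.2.10", now=1100))
```

A stolen ticket is refused by any other service, from any other address, and after `not_after`, which is the limited-use property the message describes.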