RFC Errata



Found 1 record.

Status: Rejected (1)

RFC 1510, "The Kerberos Network Authentication Service (V5)", September 1993

Note: This RFC has been obsoleted by RFC 4120, RFC 6649

Source of RFC: cat (sec)

Errata ID: 3084
Status: Rejected
Type: Editorial
Publication Format(s): TEXT

Reported By: Jennifer Black
Date Reported: 2012-01-05
Rejected by: Stephen Farrell
Date Rejected: 2012-01-05

Section 1.2 says:



   +    "Denial of service" attacks are not solved with Kerberos.  There
        are places in these protocols where an intruder intruder can
        prevent an application from participating in the proper
        authentication steps.  Detection and solution of such attacks
        (some of which can appear to be not-uncommon "normal" failure
        modes for the system) is usually best left to the human
        administrators and users.

It should say:



   +    "Denial of service" attacks are not solved with Kerberos.  There
        are places in these protocols where an intruder can
        prevent an application from participating in the proper
        authentication steps.  Detection and solution of such attacks
        (some of which can appear to be not-uncommon "normal" failure
        modes for the system) is usually best left to the human
        administrators and users.

Notes:

Intruder appeared twice.

While that certainly can happen in practice, I don't think the author meant to allude to that possibility. :)
--VERIFIER NOTES--
Already fixed in 4120 which obsoletes this.
