
Found 1 record.

Status: Rejected (1)

RFC1510, "The Kerberos Network Authentication Service (V5)", September 1993

Note: This RFC has been obsoleted by RFC4120, RFC6649

Source of RFC: cat (sec)

Errata ID: 3084

Status: Rejected
Type: Editorial

Reported By: Jennifer Black
Date Reported: 2012-01-05
Rejected by: Stephen Farrell
Date Rejected: 2012-01-05

Section 1.2 says:



   +    "Denial of service" attacks are not solved with Kerberos.  There
        are places in these protocols where an intruder intruder can
        prevent an application from participating in the proper
        authentication steps.  Detection and solution of such attacks
        (some of which can appear to be not-uncommon "normal" failure
        modes for the system) is usually best left to the human
        administrators and users.

It should say:



   +    "Denial of service" attacks are not solved with Kerberos.  There
        are places in these protocols where an intruder can
        prevent an application from participating in the proper
        authentication steps.  Detection and solution of such attacks
        (some of which can appear to be not-uncommon "normal" failure
        modes for the system) is usually best left to the human
        administrators and users.

Notes:

Intruder appeared twice.

While that certainly can happen in practice, I don't think the author meant to allude to that possibility. :)

--VERIFIER NOTES--
Already fixed in 4120 which obsoletes this.

