> On Wed, 2011-08-24 at 07:42 -0400, 1983-01-06_at_gmx.net wrote:
> > Are you refering to sole Kerberos or are you just concerned about
> > transport encryption? Your statement somewhat irritates me.
> > Given that the HTTP traffic cannot be securely wrapped into the GSS
> > content and nor the SASL QOP can be set (like for LDAP), I would
> > neglect that and still say TLS is not of your concern but of mine or
> > the users in general.
>
> Any authentication-only mechanism used over an insecure channel is
> vulnerable to MITM attacks which preserve the authentication and change
> the data. Of course, this applies to HTTP basic and digest over raw
> HTTP just as much as it does to negotiate, so perhaps it doesn't make
> sense to restrict negotiate auth to HTTPS only on this basis alone.
>
> A further concern with HTTP negotiate is that it is scoped to the TCP
> connection and not to a single HTTP request. Ignorant proxies may
> combine TCP connections for multiple users' requests and inadvertently
> authenticate one users' requests with anothers' credentials. I may be
> wrong, but I believe this is the concern which leads implementations to
> restrict NTLM to HTTPS. Switching from NTLM to Kerberos does not
> mitigate this concern at all. If there are other vulnerabilities in
> NTLM which don't presuppose an MITM attack, perhaps I'm wrong.
Greg,
thanks for the insight. I will file a bug that the sole negotiate/kerberos and SSL restriction should be removed because it is not enforced on basic and digest either.
Mike
--
NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!
Jetzt informieren: http://www.gmx.net/de/go/freephone
Received on 2011-08-25 12:00:25 CEST