Bernard Aboba wrote: > If a client obtains a ticket from Server A, running software > version X, and then sends it to server B, running software > version Y, how is Server B supposed to figure out that it is the > wrong version? This becomes a problem only if the servers are using the same key to MAC the tickets. (If they're using different keys, the MAC won't match anyway, and server B doesn't need to know what version server A is using.) But you're quite right, this could be a problem if one shares the keys in heterogeneous environment, and the document should probably warn about this. Best regards, Pasi _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf