> The MAC will check out only if the servers are using the same key. If the
> servers regularly generate new keys (as is suggested in the

If there is no normative requirement that the MAC field actually contain a MAC, how can we assume this? And if there is no algorithm indication, how do we know how long the MAC field is?

> Doesn't the key_version field also provide a hint
> as to whether the ticket is something that you
> can recognize?

If the key_version field was globally and temporally unique (for example, if it included the server name + a counter) then it would provide that information. But it's just a 32-bit integer. If servers start at zero, the chance of collision will be quite high.

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf