Re: GSSAPI


 



On Jul 17, 2014, at 7:59 PM, Damien Miller <djm@xxxxxxxxxxx> wrote:

> On Thu, 17 Jul 2014, Douglas E Engert wrote:
> 
>> I too am personally baffled why OpenSSH does not include the patch.
> 
> We don't trust the attack surface the Kerberos/GSSAPI provides.

What’s your justification for that?  I don’t see a larger attack surface in a kerberized environment compared to the wild west. In fact, I see a lesser attack surface in a purely kerberized environment (unless the host happens to be on the border) because you know everyone connecting has either already been authenticated by the KDC or will promptly get dropped on the floor.


Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
