novaBBS - comp.protocols.kerberos - RE: Protocol benchmarking / auditing inquiry

RE: Protocol benchmarking / auditing inquiry

<mailman.19.1707938429.2322.kerberos@mit.edu>

https://www.novabbs.com/devel/article-flat.php?id=470&group=comp.protocols.kerberos#470

copy link Newsgroups: comp.protocols.kerberos

Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: Brent.Ki...@Durham.ca (Brent Kimberley)
Newsgroups: comp.protocols.kerberos
Subject: RE: Protocol benchmarking / auditing inquiry
Date: Wed, 14 Feb 2024 19:20:24 +0000
Organization: TNet Consulting
Lines: 74
Message-ID: <mailman.19.1707938429.2322.kerberos@mit.edu>
References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
<YT1PR01MB41877C7C3EAE9B10B43EDDECFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="17687"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: "Christopher D. Clausen" <cclausen@acm.org>, "kerberos@mit.edu"
<kerberos@mit.edu>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu;
dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=qzbBTB23;
dkim=pass (2048-bit key,
unprotected) header.d=durham.ca header.i=@durham.ca header.a=rsa-sha256
header.s=selector2 header.b=gFDODSco
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=PS9sBxFLns1dYuE0nwv+WudRFB1z0sPOWccB88f1UxEVIr/ggQmC2XO+tRmOujb9axeMFXB8DZzjaWzlYuciO41tnHUDuJhzqGU29XpWGOZDBuvFzcGLkZEUnEzoTNoue9XKJM3ToCoY/7+5FIgXss1GUl1aS+aFoDrUziBkRibi5zg1vhlP3/5tdHfUPe+OBJmQGkp0zL6m78Qf9j+doJPl29PulPKMauLifz5XTSEMIyFMOQkyVtXRB2nZTvEoVWAxNA/X51UeAQhTZ8MJj9bC39iOXDFRgIRwW/vzq+iJ64Oq7jgEtrSiWG8DNZBI21pm8CIFlqgRBbE25mFgmQ==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=CWEZtIL6I1fVxmL3rBk6V0EMTDlIM1MPMO+10bceKRM=;
b=Lwe2x5tworWRm8oyHfzQF2KM/ShksHz0VCduzZ31VJk+PnkYh0yf9FAMs1PySXinf5q23ME8pOppW13ClPs19YgKtApbgX9osA0nHenTDHiC9iStlT4yeHQJuXqiytxMsS8qBQO5heUykRIf3swGbSaqT5pJmYpiA1UFH/ASITN9hwRqz6aNeusm6Yj4RzUCe/IJLRtVpuOaJ763XkCUWsjqlZEUZgnzR1JV1ch/X7Ou5igfaMZClrBfmfUxU0sosN8omQnB71fX4p7PLWR+ngmSXxgiPPMG1JaxlvfnznbfuRKGKt8E/6JMoLl3C9uUJxMO3cfMGiRFSRJkZXXOog==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is
40.107.116.100) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=CWEZtIL6I1fVxmL3rBk6V0EMTDlIM1MPMO+10bceKRM=;
b=qzbBTB230sl7eTz1xUQMn2NjahIkuTAlnUbzbEzDplV+V5gciFTlCcMeP6GqyqGzxTpGdzhnCmRTOGxoDnSwkXbzTh2lE9RG4cyDNNX9MnaC+qETZ+jAbjvh3hMbiRuv3FPc2tCm1xy0XV02WJ2YLN8SN0VZZxZNvevWU8ce7po=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=BNuKHOQzj9UTDETkpTZBMYfI4kkc7dReZ76/bmN7o9j/NQe7b6eArbokydVk6q8pH3Qhqu/zJypxvjgLWvFKYQEty1KKqvbfCddNEKhDEOeR9vA8Nk1+2UGC2HGHV7HwQ/nYxCGjq46+Q4eV0n0/cBo0mi8u2DzPeHVOzonrQTnS8U+Zk9W2jJgyWe1+afAgau/qs8EAPfBjMJqqXvykF5bS4C3CanuwN8WSIjN185mDJdFKK3fCNrWTnLVHfHYqRQifFRKoxKXGfXNDg34BSsNS9nYQR1WcrANxuobG24R+Jx6nxP1pSXmENP8moodIl5QECCh7ahstpkjRMgiqiA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=CWEZtIL6I1fVxmL3rBk6V0EMTDlIM1MPMO+10bceKRM=;
b=FBvJm/UrtYL8btw5138NcB/1vJzhDxiTf8j8XtttxO6Sz58OavLLIfmzSII6CUCVcRO6qySRvaiXghVKpa5e2Mk+xV/DtqbM76DfoPZ4AjcuFVkxehFna3Xdfp5lOCEPegBOd0W+x8V8/cqOMDFkOgNXZIF3cNR3XMfIrk+4vayum3doTgS4D630962iGvM6ycFl0pUNul986OkjovCvGfeAFZIwAQFcR5MjfY9ChlmHkRUYab26XE0VVALY6Vt+GnPBeEBv0Qdp7h33wYA96Hf2VwKpcI5JOU6DSjxgYqCUUoS7MSpxVzAqcXnEiYxkpNLpGxVNd6AgE7G1oGXq3g==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
40.107.116.100) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
Authentication-Results: spf=pass (sender IP is 40.107.116.100)
smtp.mailfrom=Durham.ca; dkim=pass (signature was verified)
header.d=durham.ca;dmarc=pass action=none header.from=Durham.ca;
Received-SPF: Pass (protection.outlook.com: domain of Durham.ca designates
40.107.116.100 as permitted sender) receiver=protection.outlook.com;
client-ip=40.107.116.100; helo=CAN01-YQB-obe.outbound.protection.outlook.com;
pr=C
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=iopZYkg2BAaofH30nMKefihBUFJg9GcQ0zxJbykxOTWjmKsX4MhtSIWb7Mqt58Eh5IvBCjFRzgSUbacASwnrateXlpRKKLqfS8kkXDuslKoh+1SgGhURsCLTA9dhZ5Yp7YHfwwec6b08ELgdXFKHvj/Wb0urLu28fW2g81qwqxjElxObQUuCsffeU0G9+IF3t1EZBr0PP9YAypCWs9g5iQ7mcw+zzEAT4KyN7XbRxkhzarfVdqiswNIqrY+8JaAWwYPLViezeqUkNODbsbOY6QKLC8mRKzJSmLnVr25pwY8DnS0ihl4oaKGBJ3JN/Fxye5YhxtkcMgdzokRrJ1yP0w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=CWEZtIL6I1fVxmL3rBk6V0EMTDlIM1MPMO+10bceKRM=;
b=GRVya3R0HKpKIoJ2rCDacio2NIJ3tlnmSvHH5hXqtYxcaYA9GEikhUnv1d5QTqxWqh2IJVXG4hxm8hZUkoWkWl8mEyj+qhAWv6MBRrzjrf0khYq94T9BGRqZyh70ivajyxRPcmh8yW99+zJb7W2CGUjNnqfWX6s/hOSchqK1o2dpGi18ZtPF9Jujh/OApKUTz1Y8iC6UbTMbbFa5HttaUByfXnrJaA0vrtpRJslHNbQXhrurkLdfBwFDx8JlUO9FlvEkCZsXj2JW7I/FEyLVl4P66YdFry7Hn9JhXtB6f0q2XtkxPpmbCchVNUZTMn+LqVbdBiav8LJmJ/pDZIdXpg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=durham.ca; dmarc=pass action=none header.from=durham.ca;
dkim=pass header.d=durham.ca; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=durham.ca; s=selector2;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=CWEZtIL6I1fVxmL3rBk6V0EMTDlIM1MPMO+10bceKRM=;
b=gFDODScoi6f1PfDh8qs/0HSc8tTtJ0X5XdpIYX2WFAdrw8T5/P1aO+6gvVB/V7HAvECguESRRkom9VXppUounAt9mgT1YSxXYOxzBBUB9KMIpiJvuqbPK0hEOQMqyG8KlbvWs5uojoEYsVkGSzNvYTW8dv5dccdVWR6F2bh7jnTm4rhGxns2oDTN03Xian0i2qSt3dWGblhcbRfNuvCoPVIieSzuDwJ6Wf0OexX2nDP6gEA9wPs4VfMMixACIOlAj8mBY9CD+UabNMO0JLtG/cvq9nKCkkbNoofhjFXLy90ollVAxuPozFTpsSWCxLdpX8+Y/6bzWdXiaRgbc7l5RQ==
Thread-Topic: Protocol benchmarking / auditing inquiry
Thread-Index: AdpfbJNnl5mSPDfJShm0AzMzygkU8wAASQPAAALoPgAAAAqUAA==
In-Reply-To: <ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
Accept-Language: en-US, en-CA
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=Durham.ca;
x-ms-traffictypediagnostic: YT1PR01MB4187:EE_|YQBPR0101MB6182:EE_|BL6PEPF0001AB4B:EE_|MW4PR01MB6145:EE_
X-MS-Office365-Filtering-Correlation-Id: 5059c9fa-a6a2-4065-a9ed-08dc2d91ffa1
x-ms-exchange-senderadcheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: cHu8dK0sZK6CzQkIQDKROHRlUQjTAgQOnMkmbciD4PTbrNofCSOQM1KGX0rm07vh1C3y1j2zT9OeNNIg7+mwT9fZr0m0VLdYhlN11YdLNuHq1kGRF+elx6cyQv+Uyas+0CgvtgwpD+Xv3u+3iOTsPyoRXS+AOCqweIAwH+yeF3YttTmbP2vS/vSFm1z+7Xfci3SBY9GtvydubT8NK5aDUr77nORFWa5fwa1n/wjkSSGFAPYf+kEyrDfiecO8gm+e56y8FYLu7BnEw+rOHxzUGQaqF0o7aCSU8VAK2s67/ycHklKnfdLqmJ6aFreoZ4eQR4rLm1OKpe1stbXJT1E3zlYLFhMVnG3ZhtsCFpOR9VnUsKpjEk9rA/GlQPI2HrfReUqFvGTx98LR+0qAGSTQaO5+UO1cdPSecQqgBD8s8aXtHPb0Eq1+uaHWyglti4RqAlVl3pG/m0/f80ryPGPtjZtIEYBEJDaouvawxja0GrS/iD0FtQ6lOs28rKpt1+AXMg2kFspsc/tZ3BHhwhm5pE2sYdabVX4jaRae+/lw+AXkDWrGI7QlNBB/HZMT5hAOR8GjeVWFjjnTXbO9tj2l9cPOtCCnv4WEm4Sfd2hHlHXNCgkbwBaB2RsfaSl1CGXEr+wDtDqlngdRgJxCRud8LQ==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM;
PTR:; CAT:NONE;
SFS:(13230031)(396003)(136003)(366004)(376002)(39860400002)(346002)(230922051799003)(230273577357003)(230473577357003)(64100799003)(186009)(451199024)(1800799012)(9686003)(53546011)(966005)(6506007)(45080400002)(7696005)(55016003)(66899024)(2906002)(5660300002)(52536014)(110136005)(316002)(41300700001)(71200400001)(38070700009)(478600001)(76116006)(3613699003)(66556008)(66446008)(66476007)(8676002)(66946007)(8936002)(64756008)(26005)(83380400001)(38100700002)(86362001)(33656002)(122000001);
DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: D71UtU4DFqD4EIX30+mxgzjDL9uVzm3kWOO4TV2uqXmh/
tzhckGVHw4SC9p2aBCfZGJsayUqkQBrV/zDITv2SFUWQe
s9MKle8LWcrZUnG9oz1b9JsMMmw8NszWLMWe9kry7lf/q
q0wd+orhO8XYrT1QdcgZkr6S8Uf+g1vVxFzCcJ/kcldhd
UnNpph/wSUDDRP5E8Cv07mr4QgOpG5V6iNrsmdppkr7yj
mAlgnUdfQQQBqPoXFRmqQAqvyfERiz1e3pBKdbK4UNIl7
Rwj62ZYCRiqg1tB6wpp6KQ1uOmU5lxy9o4jdECb5fx8Sv
2d/AKyuJo/FpeEsySA5I2uv3Tlz2bNwALsuTiJIYWNSaL
jPl/C54Oqgc0tJ2xn9laaLCuQnrCc1nhCeiva/WLLXhiC
u9I4TlxfxjtacZ0f8qLDyJ4emdoUAUj+tWfKdnmMitS7u
JMtB3hU1rHsA6GDOqotMht4iGiuVQSRXjO5tXy20UD6Js
RGw25QNoveXh7rcM4DdFl84wZbVRqfG662ge5WWaua+lZ
/t4Ngd0jNOVqwpWXt7VwzOT+AWkcPA9Hx1rxT/0x/OMtY
6w1C7oqiMSv9KMy/joaPs8X0dap/MrrvP9BgsLGmJD8dW
W28EvKBWOXbYfMPMxUgurvRpuXBjmwsEQeosl598/u0me
/l0lBqx58zGyS0e7RGK6ilccTdFFgwVG4zZFgDqX2XOlH
E/jZHjM8WJfL+n2Lkl5c4TbXcYmYqTpUQdllbITM2KNuW
3rv2yZSMNtE1z+syE23kjYSfmE7t/iXLzCFsvBpDJfpXz
VxGZGmCofsnNRvWVFprew2UlXCdgcZj3960ft7Y5lTmBU
F7n1SsT8V2209+mfktRIJOZ+PnPvzU6/zV4wnSq6SmvF/
8L9KpGWcih9X5XYwPvDWV+M/QPbnGDn0e1RH0IQFxE85P
7/+GeXJKQdRyap/4DrhA0RfVbL7VX8Q6BZkqsWDsqzSTe
HHzn+3C7NA9/ZWu+wuzh4ThxAVWidQRgH2BfqR1F/VXjj
R3izeXVd6hMmaJG90cGrBWVZiPVwWDxzUHAhHzsY2HUN8
R10i3gSvLXeUgm1gV20sJK3aiFLtV3Wau36X91h2aWmki
+52FTLgtp3wBdLWSUYWD61F88kcuSUuQblU0MpHPBn7IC
SMBj8q7GBxaxhkYptx52ZFe5cCVe/pheMPtpM8zusxYd2
Qt9nZp/AHzVz1MgLgLZWkK3+6Cos48uWcOLtR9DRuoB5J
YH8wDnrzdetE0MUZ9joWWHiSELwfXFmpsfA3j7rfK7n3Q
tF9aP2MnUvYNswkLI6S0pIDkYSola2VKUoEqUwkyZpS1j
Zzi2NFSmJrky00T3VSiqnEqvVgDMcSr0WDjvjXS4jUEIT
FIWLSTRGyRrrydB21egCXWX8J/9vyWid+LUOWbEgTFLuk
bpry9oaza/6C7PkjIMeBNbTls2oRDq0MKMUV4Mg+zxaHh
CDzbzSR37OvedxUK9U7a6YSkEkE8t8qwa9LjqZL8fepMl
S4d2oBD+JsYWyJyGagACPLLiDIOhmhBfJ1P0uKTOexJOf
yKkO5VKV5d4PBcKz38DcYvDiCNTMHj5eJAJ00Lbw4BJR/
eA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YQBPR0101MB6182
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: BL6PEPF0001AB4B.namprd04.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: BL6PEPF0001AB4B.namprd04.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 292562e1-158b-499f-43b0-08dc2d91fe82
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: FtMD1blL/e2TbU5wg0Ld64Ts0ye0q8ueEmOO4JzCmNDXno3jUIieNm1DWGZvLBf/9nnZtXgBBab7sAYbHhYB9qKq4Xy/voevpRzHh3W39pErfv31yxEDzZK6hsKDjQNBq88+0AzanTILDu2ezVucIkKFBguFTcLw/ScrG/t1emXZMyR5pFWNamlfLwd8OeuljgmqInDvkf/TV0ZD6gYWHmIkC4fvXP3HQTx8aFqF6jCcD7Ak3O0xk5zja3ikMFgOzCkwVdlZcPT4iPkUBLntAZcuFLhT4tgxsinhNkpZ82FjeOtBsjbHHaB/PlNsEAmps52Nfl87bRchEcbpdhZmWHwkZL+nJLOA2/0+6M99f/piBVzrQ5aVBKo9K26mTI93+4/07qrdhLj+F7dQ6QifpMshm3hFnWGJdghYmMCF/0yzEAHAnN4ccNojydENpT19abk7ynnThgakSMlQQj5jFKtwHQ9RLWiHo7CBNSub2UFn9IjaSxnhkJFtP1Qng3qBDyWhwaF2JhcXZJfsgBH+UgNTEIcag1/Qp33EMiayn9O317BReJ/OVGNK//07LBmSBmvLD8B/mGQyxclt4ADcmfSpjcryCWQfTrFgldqQNZvax7SD+FxXdPLZvZATCUd3wCZL+iqvqQOZVJCp+jolNfN9j5xVn3c3ymNLYHiZKYr0B/WiKTtQLvsCKKQ1IT0u
X-Forefront-Antispam-Report: CIP:40.107.116.100; CTRY:CA; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:CAN01-YQB-obe.outbound.protection.outlook.com;
PTR:mail-yqbcan01on2100.outbound.protection.outlook.com; CAT:NONE;
SFS:(13230031)(4636009)(136003)(396003)(346002)(376002)(39860400002)(230473577357003)(230273577357003)(64100799003)(451199024)(61400799014)(48200799006)(2906002)(66899024)(110136005)(83310400002)(83280400002)(83300400002)(786003)(83290400002)(316002)(8676002)(966005)(6506007)(9686003)(7696005)(498600001)(53546011)(52536014)(336012)(83320400002)(70586007)(68406010)(5660300002)(26005)(83380400001)(3613699003)(86362001)(356005)(33656002)(7636003)(55016003);
DIR:OUT; SFP:1102;
X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Feb 2024 19:20:26.1123 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 5059c9fa-a6a2-4065-a9ed-08dc2d91ffa1
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB4B.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR01MB6145
X-MIME-Autoconverted: from base64 to 8bit by mailman.mit.edu id 41EJKSbd3894813
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <YT1PR01MB41877C7C3EAE9B10B43EDDECFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
X-Mailman-Original-References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>

by: Brent Kimberley - Wed, 14 Feb 2024 19:20 UTC

Hi Christopher.

Yes. You are correct. Peer reviewed installation readiness documents like the CIS MIT benchmark are a good "first step."

I was asking pointers to the rest of the lifecycle suite - specifically "walk".

Crawl
=====
Installation readiness documents
e.g., CIS MIT Kerberos Benchmark

Walk
====
Focused applications.

Application which can connect to a client or a server and emit:
Enabled ciphers.
Enabled MACs.
Enabled Kerberos modes (krb5, krb5i, krb5p)
etc.

Background: most sites appear to be misconfigured.

Run
====
A focused service.

-----Original Message-----
From: Christopher D. Clausen <cclausen@acm.org>
Sent: Wednesday, February 14, 2024 2:10 PM
To: Brent Kimberley <Brent.Kimberley@Durham.ca>; kerberos@mit.edu
Subject: Re: Protocol benchmarking / auditing inquiry

[You don't often get email from cclausen@acm.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

I have used this as a guide, but I think MIT Kerberos version 1.10 is the latest available:
https://www.cisecurity.org/benchmark/mit_kerberos

Not sure if this is what you are looking for or not.

<<CDC

On 2/14/2024 11:46 AM, Brent Kimberley via Kerberos wrote:
> Preferably something smaller and more focused than nmap or OpenSCAP. 😉

> >
> From: Brent Kimberley
> Sent: Wednesday, February 14, 2024 12:44 PM
> To: kerberos@mit.edu
> Subject: Protocol benchmarking / auditing inquiry
>
> Hi.
> Can anyone point me to some methods to benchmark and/or audit Kerberos v5?
>
> For example, SSH:
> Manual
> Read the RFCs and specs.
> Semi-automatic.
> jtesta/ssh-audit: SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) (github.com)<https://github.com/jtesta/ssh-audit/>
> Automatic
> SSH Configuration Auditor
> (ssh-audit.com)<http://ht/
> tps%3A%2F%2Fwww.ssh-audit.com%2F&data=05%7C02%7CBrent.Kimberley%40Durh
> am.ca%7C8eddde16708448e6cdb008dc2d907d49%7C52d7c9c2d54941b69b1f9da198d
> c3f16%7C0%7C0%7C638435345797172606%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4
> wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&s
> data=ydwY2y5%2FxuZxJavbNQw877yOmuFuVo3DktJr%2FdFA05A%3D&reserved=0>
>
>
> TLS example upon request.

THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

Never trust an operating system.

devel / comp.protocols.kerberos / RE: Protocol benchmarking / auditing inquiry

Subject	Author
RE: Protocol benchmarking / auditing inquiry	Brent Kimberley