Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

And Bruce is effectively building BruceIX -- Alan Cox

devel / comp.protocols.kerberos / RE: Protocol benchmarking / auditing inquiry

SubjectAuthor
o RE: Protocol benchmarking / auditing inquiryBrent Kimberley

1
RE: Protocol benchmarking / auditing inquiry

<mailman.20.1707941263.2322.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=471&group=comp.protocols.kerberos#471

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: Brent.Ki...@Durham.ca (Brent Kimberley)
Newsgroups: comp.protocols.kerberos
Subject: RE: Protocol benchmarking / auditing inquiry
Date: Wed, 14 Feb 2024 20:07:35 +0000
Organization: TNet Consulting
Lines: 88
Message-ID: <mailman.20.1707941263.2322.kerberos@mit.edu>
References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
<YT1PR01MB41877C7C3EAE9B10B43EDDECFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB4187811A3494455CDEA86B7EFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="25791"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: "Christopher D. Clausen" <cclausen@acm.org>, "kerberos@mit.edu"
<kerberos@mit.edu>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu;
dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=rZBvwZyO;
dkim=pass (2048-bit key,
unprotected) header.d=durham.ca header.i=@durham.ca header.a=rsa-sha256
header.s=selector2 header.b=hwaMOA4a
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=GI5sL37xpJqamX9Jk4gyCD/q6bkQGKr0uRqY8mrCRQE4Y7bjZ6wMzXo0etSpdHQ7H7perdrygp4YqWg5hOQmrAqP3rZHweR9xWWTTFdcD6tthJijnFFg7zIshX7Tv+RKWPNYsPsY+nIMe1GzRrQc2k7ehJ/+W/MkEsGAuxZ+YLFfXQtuE+KyOchfLBYL6s/NJqHJ57jRjfIfxyEpDasOKd1f3lpSlyW0j1vDmmzHdhpBFKqMR8PlSBQLeWy0fJ6AbkffrtSU3/6kNdrOScEKxvdNSrLKB+m0U4fvGXMkrcZPDpcTd67h/SiG/k5fXqz/IEtzqUmChuB800HMvgsblw==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=5NVznp021s1AUmXKbhw1PKvkTp9wJQyXCQ/Ap8K5uIU=;
b=nv6TRNTNshfl8e6dS3p6IWsJgaOU/FIwXqIBhdLGJiokF6malYFXdgzfNzU0HOztWJxbWYb4hihGrLXw2Pw2QLgIh3g4nnuvYV/DoYPp+8Q0tdfxk2R3Jpwb/Hxh/MvRJwEHRRQiKP+sWNCBAAMgMwnT2XRPIcO8vQjd3x3FaiWw1GyrfuGxF1aS5tqkVO9+FM+Mujn8jxw0RbwyeHRgvJ0/+3PrfUiSNuQDBDYxmtA1d5XBlzGPTTqiQnTNw7Es9hNfIWdfr5c2R1xiVl8e5PRfJVqPwbNOkks9tTG5uIYI83Xr/efb50zBnNbaYVErxNH/KMeQGR7IMSOdXRfP6Q==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is
40.107.115.109) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=5NVznp021s1AUmXKbhw1PKvkTp9wJQyXCQ/Ap8K5uIU=;
b=rZBvwZyOng0Ol1qzUCrZ0/nzi2RCXPnCSF+52shyawrogtwtKn0UmWVIlOfPtoYb3YCawW6xCyQMkZhFq6kTQJfLpJudXHPn3PWUdQVJy/meX/jYb49Gj9nOr2t9ocgNWZ/TJmARvotFqeQMF6IVyXNeQ2SiTWY8tVNGjFcxo6s=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=UGxSogxIUtHbcqBrOOi/jlJFRJT2fOLphYQafW275B8krvlqIcQYqT3U3KeJg5LIRt9oAGiy0/LsPpNsudmjs5VbnMslBtxq3kLTsEu9yjU97IkykLrnfg808cXdiA4PMHeomv7QpfLNr6s9G70fkhy3vhPD8tQx1E+4rhHGomK4VYUgP/912/ZWk0aLKQ+tCsCr1evvORczbbIqVG7G80tP3xRsSa7rUc0JjfOeESb0giViMdOItmTiAjXyHuGeubY+YcuqC7bbiMYUuCtC75y2HjwclBd/zaKsrwseCi34GaX4UcPFyMmefFyTpT1SmVZQEusFxYbkS9Pp4iKIVA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=5NVznp021s1AUmXKbhw1PKvkTp9wJQyXCQ/Ap8K5uIU=;
b=GEjEQpYjUwmE95kibiHgcQfBWc4XWl0oDj0MQtYYVVvtQGdRHT8vZQdVwD3pNTyn0XCQLpGRdOBQ8eWUQiwLQZYhJvrp0fbxXXHkCpXCL0ZnWWhfaOJ4XW3cLYkIY8B5/R9PgXvkE/1qZKxQeFAnX69E9Vfxk3wguBS00ilCUMBHuHAeumcuTsoXhKXveZvHRbfrDFlnQlyqF+4je6AhWiFXQ4u1/IuJg+KGJRv9IjJhBCxspT0/7mERywG35MHGoelU6095wBQWK5MQ073O/h6ErKrI0kaALeuYmSzSXJNZeR6WNDZ5ACiutz9NsOgndIdMU1EU5clZ2ylCM0h6fg==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
40.107.115.109) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
Authentication-Results: spf=pass (sender IP is 40.107.115.109)
smtp.mailfrom=Durham.ca; dkim=pass (signature was verified)
header.d=durham.ca;dmarc=pass action=none header.from=Durham.ca;
Received-SPF: Pass (protection.outlook.com: domain of Durham.ca designates
40.107.115.109 as permitted sender) receiver=protection.outlook.com;
client-ip=40.107.115.109; helo=CAN01-YT3-obe.outbound.protection.outlook.com;
pr=C
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=fI8PCWU9efvCAqf0oLiel0bYinK78yr12QASi5vIP0W2MztS2mMcJ5Mpuf6LnJfqfEoyTHrtOvQ8niafm0BcKPgt70WgoqZ1uo8RgEsK6RfU7oD38GlK3He7EP+ojbXFXE1fp91V9R+kUCumRW26+aH0vKHeE+DX+81gXJ1N7IkM+HUKRN2vhVM5n8n8adUK3qjbCsFwYTd0KJ2vxxPHNnR+e9JcfuPg3sE62i+JbrVdTgxRvUH3Pjb34EYSLFlbGdYmuPHgOIcWTj/CGbxdSj+kNaCIcdAnIgppP3Xqf0k/XEIW10OQBVvyiDanh7o7Fj1e53DM5LyCWf5Aoe4JTQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=5NVznp021s1AUmXKbhw1PKvkTp9wJQyXCQ/Ap8K5uIU=;
b=SDh33ad1U7UpNLvymuW8eoLSg+MXYpBiBgLG54nH8errXjq8mVOglOetigKgSAAB+mwtHPKtXHLeaudsmSXZftylWgxL5kUHWEPyIVubDYjE08YT0sG8GxPF6lMxp8P5KmqaMbGt04ZyvpKZrSfP/UHQqIWFJKya+vLAM70TIjjz0Nu3r1YweZzIADMLJvK4JcseGM8u2bQbiqO9S96QD2z+VlbsobFdMVeNfTdKHvnRkCsXKnq+3n4ejATctt1u289+Y8E7GCS5A1Zgjfl0ktdWgc08JxP6ZENNR/mNi3tbqRjCA6lqqGamUhgvjoG3sDhwD8Dk2NGD0/hztSWjxw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=durham.ca; dmarc=pass action=none header.from=durham.ca;
dkim=pass header.d=durham.ca; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=durham.ca; s=selector2;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=5NVznp021s1AUmXKbhw1PKvkTp9wJQyXCQ/Ap8K5uIU=;
b=hwaMOA4aWJ5VK0Jmjft4LU/TmCjeToZGDZAUb3qpC5ddeXm0wHiSvXVnHx9QBi55GBO/npKGSoQ6nVhaZ4dnYhizrkH+19K438HlVId2cLg+ASMQrMl2k7amvmNtdDT85gP4+HvArjDVLanw642q/bsEqq42OM0xtW0YINUXTA615XVdonfNdLHF22tBx+FtC7DhaCdxhTgjySqGENsRjwFMoDHekrFVUIWSuCPnEOEAlNzus7aMryPKULfbCoLkvrqWF2hi1yO6iyGVqbGUNWEL4wqAusx/1cHBvcerPo36BOkovmImsTFlJA0RPJ1rphU/v4URnUL2E4lY21V6oQ==
Thread-Topic: Protocol benchmarking / auditing inquiry
Thread-Index: AdpfbJNnl5mSPDfJShm0AzMzygkU8wAASQPAAALoPgAAAAqUAAABkXMg
In-Reply-To: <YT1PR01MB41877C7C3EAE9B10B43EDDECFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
Accept-Language: en-US, en-CA
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=Durham.ca;
x-ms-traffictypediagnostic: YT1PR01MB4187:EE_|YT2PR01MB8408:EE_|CY4PEPF0000E9CF:EE_|BL1PR01MB7700:EE_
X-MS-Office365-Filtering-Correlation-Id: 42d5aa37-ac35-4775-dc74-08dc2d989759
x-ms-exchange-senderadcheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 8JOnWnUKc2ro95KZNby0+kezkLfH49IEyUTfWV7ixSvYD/rSYCw5+06FpG+Z2Jn5gkJQ9aBEHWSpTq4XbSRRjikLXnZYUtVOKIauGE9ss3EHKi6Gd/ZrIeXD8LhhFJviLDC+EHT5QM2bzlOFdxGUWqQB8jPgbj05+lego4kkcgXtxAApNKfAN1SyZ/oFA13iSS+ZaUXhJWMWxq3cWr4tMeAv7IbAUEEDRPOyVlz1yKPVgHe1JJxv85oypaZz6xKMlGR04okp0v8w+67udmoMyOzeMYyb6pIdKsVa0DONUWOXvNV+/9REedXbsbZ42FUwNTLf4uKAT+rY85Kiw87CrRHY/n4Q53C/iZ+8Tpdl+FKD4u7wtZWDTloNMGl7eb8yNKuyEIcHzqHrzVU2+1XNZ9HFEhDE+uUfy3igOde9AwELIsHnlUACvZt5v1+HQU93eLRNGzPJYNzEn4lBLAOcyE/c2VMjnu8D589T7sjjtsD5Qw2mGYaOQeGAwZsFYBvTcxOEVkyDdswF3e07OQmUMcosdJbRJ+4Bq++InPIImwFWRsv1uqIGc/f07oXT4q1GQbW1Oy2iDpL3KvmKUXKUEkkTHIG7rqrLBEot7eMxcH16ymidhytLFDkI6zJKUXS+kkkRgdTQtg8a26egGFap/g==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM;
PTR:; CAT:NONE;
SFS:(13230031)(376002)(39860400002)(366004)(396003)(136003)(346002)(230922051799003)(230273577357003)(230473577357003)(186009)(64100799003)(451199024)(1800799012)(2906002)(52536014)(8936002)(8676002)(5660300002)(66899024)(83380400001)(33656002)(26005)(38100700002)(122000001)(86362001)(38070700009)(6506007)(76116006)(66946007)(66556008)(316002)(66476007)(66446008)(64756008)(110136005)(7696005)(3613699003)(53546011)(2940100002)(9686003)(478600001)(966005)(71200400001)(45080400002)(55016003)(41300700001);
DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: EJKNKAbkRfSoruZpR+2QkxBLPuBDiFsNMJKDJkez/Vck7
BVa1g2RSse26pxqHj+cINDgBFGX9D0vySR7kWl3fap0BY
ygb+nkcI4LAD7tjLMYVVpwdstGolb91tnwC1xeoWGyyz0
DdHv4Jk6jCQfH/1/12U4Bh+wLao4vg/bWd+qGVKreJjWT
OnegkwGgBezKDgvvLMwwsSlHyQoG08m9DEprc45f2Hv1P
eGhzRjJQVSPz/gRyC/qU4dIAb65usaizBYprRe6b5VA3D
HWhWxjVRFAe26ks7DgiZzS3YbM2uO4io0cBYk2vkQWA/4
lOEmG7+IMzCuMCONbFegG3m8N4wYEFxxUK7IV6EJXMMw2
LQHNlSn6yNrM6z8qD37ReSKilztUSgrUFN7dudi9lmrcj
KMvMKvtkdHndUJVjd+zrV7Btt02xmgCgYWFEcoZJF+j4k
/JI0OfHjUQB0gZSqSZFptal5Ame56LY/pBOytmNyAHAGL
s65rBxK1axFwliWV6LN7T9rPlxm4t7kM8rAdXrqXJPCW3
IhmaPReR+ejbEEP7rZp0aj5g8aEDfejwN9jwckkZbDIRV
Rr2W8SSs9Zt5APhoR96x00p5Ld+YjyhJqYU8W6mCPYEDN
Ga9842ki+qmVx+D9RTchkX+paO+vCJ0mKaPfHDCjMwfvI
HmgO3GPy6LRn/nCuUE2anV/vtqlkdn7UufQOLCcWd8+de
cswPbU00qn0M+v5+XNAkkFp7AaMCaQe38hF3RC9/sfNHF
YcopPcxYpiVfhd94qjClpmdZrOlhU4knL484pVoZ0p+HF
JmdI1V6L3CKtLlanJcjbgO+VrMxhU4JfcSioyHTpF7mOY
FauuXQW2i9L+YJbRSHw6RdQlE+n9Y0VTIREZitlVpVU6x
sx+p+cUeq5wq+jqMLVDLtAKi9+vPNC3tRhA3aqMLY7Zpa
OlLhsiz9+7AL4hIa2IP2VILx11pYM9iRaLQteCME3opCj
ydAFlba1c5Izh9g93brV6+WboPuxtUwQswZS64bRXn0AE
iqDTFzbmkMZ/4akyA//I5IQojRKlH7z96S6E28c3UjpQp
/W/G1FxoOH23oKqBjzlicjVrwuxlDkk3XOwqTHKTI93Lw
3SFGjN0BfnrXu7O4r0Ht5IItzhxZC1VKyz3JR6dviK6kv
BPB21MrltbkW6H1AbYDJqdTLaolzqhdZjv/3Hv0tpvQdx
SN+IYBvO1Udg/Hj1COFui/7C2qMSL117FlZue/uwSXEES
Xm/6T/iIImIIJmyHqHxGHcBPieRssn17NeTbaGJV2gj4N
z8C+EVfiL6awZ9i9YUhZjeAqI4A1+ObjX/oMX6skoNAiP
H+yK+L/lXW3bGQ1559r93zjQmG8WkbLOvviL4hydwsstR
giIBcSgKDdywoLJRU3vxH13NVcD8Jywi6U0zr3tRj0RAA
a0hHLYAUPihgvaLUx3h4FO+SEFzklIIc2EfXrCqjeUsSJ
ToN4DdN23bVZFP4Qdx+HxMzV0ub6/O/3o59IuUpgYUAxc
4RgNpjsDSSas6Mj+vDWXjAzzl/O8TwzvPKxaYYHExpKny
DuuBAcFNNJ11xa0yFY0L5wwfnnAyvx1kJJ1kaxiCrA/jy
Ww==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YT2PR01MB8408
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: CY4PEPF0000E9CF.namprd03.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: CY4PEPF0000E9CF.namprd03.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: a4f9fb83-fc1f-4d8f-69c2-08dc2d9895fd
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: DbUBbOakGFqiNgDnG9lqkMTYhP3t5G/Sp2s0nKTFIgLfSviVCbtyJG4l7WsCZ9+UUXpA7SddQJeOE2s3tjnURP569et+4hqex4jp7AcpI6GAB+hVr5AAMDQa0E2/Bv4utoYr4QZaXU25nLtGwDGUOttnIDS3Vqz/a0DS29HZ2FEL46CQEyo6e6icOwiADW5YcwjZvljMxdQWTZkiFZX5f9yLmRqBltWZlU08fhL5ZFqU9Ixiee+eHi6hblo5QgpjYRAFcmf3HPrjKuAAATv96vt5bwck1gS8hTBpv6NYo6yyYiSHmxhsGckBRHxxneH0y8FJbJAfG0cTKPQKzlqjoSLp8fDYVEM0df4nPVxprc2Y/yekebbrZw95CkpCuNa0IpbYHJRKWj5ggszQhhfoafp6zlsFB+nBFW4vM0zqoyQpq999eprypyHAuOM7CF8XkxuJX+GcToP+w1Qey5ZZyz6W5pwrHvt/ycYLIG3Nmy+5ADAdHa/T6zilmNS12mUzXgAvlME3zdY308jldCWSroGHoZYXX4yHu85T7jl95Sm24DDyRyGkkWBSEQB49U2FYylobzfA7NEoUq7D2AEvwy5CnlNgpoBjvf4vQdAl2DvsH7OrRPOyIVSEKmKUCA7iyj0S28+Zq5Ess3YNOcEdlB7DyxME3fEs06mV4Gcp0PP5B9ps3mgLc5Jkasyf6TxA
X-Forefront-Antispam-Report: CIP:40.107.115.109; CTRY:CA; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:CAN01-YT3-obe.outbound.protection.outlook.com;
PTR:mail-yt3can01on2109.outbound.protection.outlook.com; CAT:NONE;
SFS:(13230031)(4636009)(39860400002)(136003)(346002)(376002)(396003)(230473577357003)(230273577357003)(61400799015)(48200799006)(451199024)(64100799003)(3613699003)(66899024)(33656002)(55016003)(316002)(110136005)(68406010)(786003)(86362001)(6506007)(70586007)(5660300002)(8676002)(52536014)(7696005)(966005)(2906002)(498600001)(356005)(7636003)(336012)(26005)(9686003)(83310400002)(83280400002)(83320400002)(2940100002)(53546011)(83300400002)(83380400001)(83290400002);
DIR:OUT; SFP:1102;
X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Feb 2024 20:07:37.6201 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 42d5aa37-ac35-4775-dc74-08dc2d989759
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000E9CF.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR01MB7700
X-MIME-Autoconverted: from base64 to 8bit by mailman.mit.edu id 41EK7evh3911632
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <YT1PR01MB4187811A3494455CDEA86B7EFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
X-Mailman-Original-References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
<YT1PR01MB41877C7C3EAE9B10B43EDDECFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
 by: Brent Kimberley - Wed, 14 Feb 2024 20:07 UTC

To the best of my knowledge" Krb5i provides integrity whereas Krb5p provides confidentiality, integrity, and replay protection.

"Walk tool" finding could map to a radar chart.

In other news, Matthew Palko plans to modernize authentication.
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-evolution-of-windows-authentication/ba-p/3926848

-----Original Message-----
From: Brent Kimberley
Sent: Wednesday, February 14, 2024 2:20 PM
To: Christopher D. Clausen <cclausen@acm.org>; kerberos@mit.edu
Subject: RE: Protocol benchmarking / auditing inquiry

Hi Christopher.

Yes. You are correct. Peer reviewed installation readiness documents like the CIS MIT benchmark are a good "first step."

I was asking pointers to the rest of the lifecycle suite - specifically "walk".

Crawl
=====
Installation readiness documents
e.g., CIS MIT Kerberos Benchmark

Walk
====
Focused applications.

Application which can connect to a client or a server and emit:
Enabled ciphers.
Enabled MACs.
Enabled Kerberos modes (krb5, krb5i, krb5p)
etc.

Background: most sites appear to be misconfigured.

Run
====
A focused service.

-----Original Message-----
From: Christopher D. Clausen <cclausen@acm.org>
Sent: Wednesday, February 14, 2024 2:10 PM
To: Brent Kimberley <Brent.Kimberley@Durham.ca>; kerberos@mit.edu
Subject: Re: Protocol benchmarking / auditing inquiry

[You don't often get email from cclausen@acm.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

I have used this as a guide, but I think MIT Kerberos version 1.10 is the latest available:
https://www.cisecurity.org/benchmark/mit_kerberos

Not sure if this is what you are looking for or not.

<<CDC

On 2/14/2024 11:46 AM, Brent Kimberley via Kerberos wrote:
> Preferably something smaller and more focused than nmap or OpenSCAP. 😉

> >
> From: Brent Kimberley
> Sent: Wednesday, February 14, 2024 12:44 PM
> To: kerberos@mit.edu
> Subject: Protocol benchmarking / auditing inquiry
>
> Hi.
> Can anyone point me to some methods to benchmark and/or audit Kerberos v5?
>
> For example, SSH:
> Manual
> Read the RFCs and specs.
> Semi-automatic.
> jtesta/ssh-audit: SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) (github.com)<https://github.com/jtesta/ssh-audit/>
> Automatic
> SSH Configuration Auditor
> (ssh-audit.com)<http://ht/
> tps%3A%2F%2Fwww.ssh-audit.com%2F&data=05%7C02%7CBrent.Kimberley%40Durh
> am.ca%7C8eddde16708448e6cdb008dc2d907d49%7C52d7c9c2d54941b69b1f9da198d
> c3f16%7C0%7C0%7C638435345797172606%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4
> wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&s
> data=ydwY2y5%2FxuZxJavbNQw877yOmuFuVo3DktJr%2FdFA05A%3D&reserved=0>
>
>
> TLS example upon request.

THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor