Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

No problem is insoluble. -- Dr. Janet Wallace, "The Deadly Years", stardate 3479.4

devel / comp.protocols.kerberos / RE: Protocol benchmarking / auditing inquiry

SubjectAuthor
o RE: Protocol benchmarking / auditing inquiryBrent Kimberley

1
RE: Protocol benchmarking / auditing inquiry

<mailman.25.1708017522.2322.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=476&group=comp.protocols.kerberos#476

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: Brent.Ki...@Durham.ca (Brent Kimberley)
Newsgroups: comp.protocols.kerberos
Subject: RE: Protocol benchmarking / auditing inquiry
Date: Thu, 15 Feb 2024 17:18:34 +0000
Organization: TNet Consulting
Lines: 111
Message-ID: <mailman.25.1708017522.2322.kerberos@mit.edu>
References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
<YT1PR01MB418788B7045DF1E5B375143FFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB41879A321B6419A0CCAEE830FA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB41873C15B6ED0600842D58FBFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418759BF87C15F508920501DFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="11518"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: "kerberos@mit.edu" <kerberos@mit.edu>, "kenh@cmf.nrl.navy.mil"
<kenh@cmf.nrl.navy.mil>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu;
dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=UyNHl8Rr;
dkim=pass (2048-bit key,
unprotected) header.d=durham.ca header.i=@durham.ca header.a=rsa-sha256
header.s=selector2 header.b=EcBKxZz8
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=NZsnWL651WJz4rNVa3kvbTOuJHDm0dtZA1SgFysnzR9keAkR5zAy9TJAXF/aWNBzuHfsS5/nf4u+zLDpCQoHQJOtFpQUANZC09InnehoZ3L3jMXK8TFaFASdA9uBvwsy3C6TJYv4lBpGsP5vsc734F/n3YRwQojjNWCNMGI8MX5EoU6QfTQKz7XAO/eCzPi4cTf7SyQprsBHw8PC3XVpvd5Mpb1kiK1Z/rTj8Ts0TztmN1n6Vd5yTLGaql3wG3BFntLH8KkuKTBpYOaqrnqLOr0T1nHCsh7Z8/PdYPxyafHdu+8EQ9iYeY4936aykTfmR4MP2FXsdKmV9QAMwMs91Q==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=V7RV/GGJsrkQ5kxOjr89vrRXSkWXuwqaqgliv6/yVRg=;
b=LDiLWM55a4Nj0edNIdo+wHRbfpvZCS/+Mn5I00lpinfAi+zkP9arWAwAStdvUUqRl7y6amAPN79ZemvBAoZXqu/soVU6jwQWVT37pwpaJWnlizBnMgQxYBHv/qyRs+InpjDz6aFCFNxEu6548DcC+EvodqhuGIRItjPzkaQxIX7khplO1Vz3xAAOiw/bsqzHN2H9fhDjTlTcuMGEpgH9ipa9XBQAkd44AtEvDHLnsogj+3IDYKGA5WNvmcSSZsRAsfq2C9zX6VXqpfaz0Ikgf5rJp8Q8UIqb+wO9Nt0h77CShpob3KkVnzQ8TP8mug9NObl9MqKJPXj0yg6pNeXHlw==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is
40.107.116.139) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=V7RV/GGJsrkQ5kxOjr89vrRXSkWXuwqaqgliv6/yVRg=;
b=UyNHl8RrEfuABHmbWu2MxzLCWeuTWh/grYnPfcg8Nl9Oa/AxIhHdkR+mFjOOrHNGy5IkLrQ7ZVu0YEhm88BksPwnL4KS4UuZG+lBq0LKjcN6n92AUVIn58xnHEgOGTcdCpM2JtkyBIT8IbN75okG5I+rjJfbEsmhVr73Q0ePpkY=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=Usp0VF2h05JegctGQ6Z9TdzoDGYPIUVelcwBtCcxhCsv5vgUaetyu3qO4R1xNqKddCRv76uiRaCZGFOgrIyblYcW+OvOGAev4jhmmU3BzPeTMkK2JQJ6E6dprEiK/jUGalO1DlSJ9mf0d7tE5FHiZd7Mal0foIXtqR7LUNQR2iz1Wv6G2n4/LuBXFTm88MuRVZBTNx55uUDCHQbzbqq4BerV0tmCPrz8iIc1vuKbW3/t7c+vSftT2nd2+hpmn4p2SHbz+pfI9m1o+BpPj4y6qNEGS7TN4TSAc7T2mMjGDy5cTQkxbLh+QgrNgg7OUxcHK0yeHia0KmHwHSwdyyezvw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=V7RV/GGJsrkQ5kxOjr89vrRXSkWXuwqaqgliv6/yVRg=;
b=LnOtMdzxJ9Bn3FpmJOk+lfeff1HqWqmlHs96ZSHpfLZebEL9qsDHDF3ZISv+VRrPWA7cu12p48SWv/NSImD0YmjahIcgXbXL5fgmRgLv9v9Zuezlww1xDNeomozT9RJtVlEb1Ara5g93pkgjpdSryzcSh0xS5evAolACRhYkYxX2kXdDcB5rB+hEumfCa3UtwPVRs7ItCFNgrDVlxfmRqDZWBQIKg75YNmcqs0F3PLK98W7rHzzAPv+cyFDwe8VPRkYFJEmMmzxHijd4msoslQUwQa8BBRy8lrEjOrObzxT14kC8qkgTv1n/BonatQ4Dja46571xhF1WnM/bqr7kXw==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
40.107.116.139) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
Authentication-Results: spf=pass (sender IP is 40.107.116.139)
smtp.mailfrom=Durham.ca; dkim=pass (signature was verified)
header.d=durham.ca;dmarc=pass action=none header.from=Durham.ca;
Received-SPF: Pass (protection.outlook.com: domain of Durham.ca designates
40.107.116.139 as permitted sender) receiver=protection.outlook.com;
client-ip=40.107.116.139; helo=CAN01-YQB-obe.outbound.protection.outlook.com;
pr=C
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=TxuEQXnQUrVyRYqcLkp1Dw0vjraou7xlcN7t8qWEo1aMkl0A1HlJSQNlYoKOq8daQOA8jjjr5zvKQF54ggvuEyWGC47DrokQrSpZsFyGgi89XCq+PWyZzBqMcoFijDF64+FkRCA4FyegHPWL3gklnWNv9vvJc9ykXErruX3KH8pPCtyhSqN6kdO3ic6m4k7QSOExW6ttQ63/1DCW8Qe0dZvKw9IKMFoFV+MwQMBHcL0okkQxo/uDZET0OjxqpcH64ORGNWAGFYGfIk4CSBE6bLrEL4yDC33E23soifRPxc/JRIHIsY+wXA34taI/aEgjBArPxwbevHS37o92imA8Lg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=V7RV/GGJsrkQ5kxOjr89vrRXSkWXuwqaqgliv6/yVRg=;
b=Dmmm/hmb+WsiCtGxRrb6svkfQDhyrRz3XLv3ulFjkf96LdzwlajNb88gZGyiLkf+JfHGfnoAUrdq+GHEujK5VjPsd+8cxb62/lk3f/6wqkLE2eECG+2gCVMOAByhQ6+oWwrDlDHuBds4l/YA6ZA52cO7dRIMry/vclNxRM11mQWF/QktE7ac84nIyhg1lxeN8gNrEsPygLZVfWKNKKzpfp1+Gwdd6EBqODr1GhKZaXCTqLvUr7fkRyO8W0eC7HOpsWyYAU3vtoVKHKhRaE0QEwx6aBNM0XdB5UJG5BAhka9o8oekDJPehXP0uBteQmS5+Jtj/H0Bh+gimcUSfHkC2w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=durham.ca; dmarc=pass action=none header.from=durham.ca;
dkim=pass header.d=durham.ca; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=durham.ca; s=selector2;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=V7RV/GGJsrkQ5kxOjr89vrRXSkWXuwqaqgliv6/yVRg=;
b=EcBKxZz8nTib/YlBaIPZlU+4dJdalu3TKNcHcJ7OSqIJ18sSAAuFcrzROzHGI5kUhvCyS2Zi3p0ZosDDWLwaMYRWWpeuq9FErVdXl28KNV8LGrMY6YEWwx1LcFnDvq3WF4VohgmfIKy/UG4FcsGtWkHlov7g+W7QTuEiVG8+tRKkVOBTrHSlgAMzruiuGaACx1p4voDEAptx3hpPLlM4muo7SrewhnOvva8KvsNCa1mX9kTc1NZOu+LR2RN0++PcmU1VLSG+04AfV2MmL+eV7uXiEXVRASTdzDLpoeKdRy6g8DfObBPELA7bcaIl5pQY35QRTVYt7oaEuq4oBxDSqw==
Thread-Topic: Protocol benchmarking / auditing inquiry
Thread-Index: AdpfbJNnl5mSPDfJShm0AzMzygkU8wAASQPAAALoPgAAAn8VMAArbSgQAABAtGAAADkbgA==
In-Reply-To: <YT1PR01MB41873C15B6ED0600842D58FBFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
Accept-Language: en-US, en-CA
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=Durham.ca;
x-ms-traffictypediagnostic: YT1PR01MB4187:EE_|YT2PR01MB8615:EE_|SN1PEPF0002BA4D:EE_|PH7PR01MB7607:EE_
X-MS-Office365-Filtering-Correlation-Id: 16a65f0c-e8e8-4a18-96f5-08dc2e4a25d1
x-ms-exchange-senderadcheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 1sE8+E6EJon9GKAGxlGeKg08q22IQMciXitM6Sm82bGjsITqAQwPu19RaMMZDylmHDoqW4GVfP6Ba+eghalMTbA9aDgyjM9EsiNbSyXSglEgoMzEBZgAQ0z0e5M9XvqPiEXSTtZZn/UGCiZ8ma19Z60EjbuZk54KbhdGA9kdZnigU/PyUkt8KzlzaA/qaJHQlNQezfyIpiRpqDSrwlyDYHQtpMULc5OoSi5Ak9yqKLHRfhSBeviA+1otVw4OMJ4NB8m1y6fZwtmeQI4JhDaO5wIDDod8KwN3cxI/HxtyDiuBuHvopmT8hxyIjpwy5EyvEkobM9iXQutjy1KtwDgg2b4/tOMnDmB0ZJQ3IoT1zVU+Pk0KMYlf9Wbd9KcPJcTcD/1kaFArrcKTMw75EllVOdRK93MkgDwnpHmLgBnB3S8sE30/QdBbI59vOToATqGK9qJK8+UouCjHb2rG9vdnwF1RTULz+pRk5894jhv7PN/AZLlaOhbsVnVOjA0vg5SzOld0KnQuzrUk4k6IhFeNe31bGrwXK/PX1lbHiLAey20OvnTeseNXoIfs7m9PAvhB57DZ0l63ST8DHYF06fjb1pTrl3rdsZ4xHraIrqgQ8KMo74Qq+JoAK1xJ0Xb0aPUt60W2R3Lmsq6XmY1kBbcK5w==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM;
PTR:; CAT:NONE;
SFS:(13230031)(376002)(136003)(366004)(346002)(39860400002)(396003)(230922051799003)(230473577357003)(230273577357003)(64100799003)(1800799012)(186009)(451199024)(38070700009)(3613699003)(83380400001)(2940100002)(26005)(52536014)(41300700001)(8676002)(8936002)(76116006)(66476007)(478600001)(66556008)(66946007)(64756008)(66446008)(45080400002)(316002)(9686003)(110136005)(7696005)(53546011)(6506007)(86362001)(966005)(71200400001)(33656002)(38100700002)(122000001)(66899024)(2906002)(55016003)(5660300002);
DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: 1zvvo78+dNb8anvNHsJlG7OCYf1gn6yKGGKTw/x1wFg5+
xa+0yp6cUsKnjCuEFdFPcxsfIu0x5/FkhYuXWjejaVCuM
rF/QIYZr9YFvyu38nTVQxaKpVUGhNBpUKX43yHiOcsdvL
k73pImnhFgmSCgzovzO3akHwVa8vT4WAmhkVCTJrUpBqt
tjEXwcb0SxTySJAQVx7rOMEFRTSDfd5YfPg0qrTdfeGcN
daQcNOX0UbDHAbikYK0a7jV7LwYrx8K0j6NLWB5iAp0CU
bUJGF5NIygoHyDqp78ICcEAxtd5tFD5RzaTTSeelfFWl9
diWO+WbmfXRw8bGOQaqDqHREN6owhkz36zvkwpGI5+gnR
oC9x/Rm8GVJeHq9bTkB/oO1TXKF8KXkwmNZCctN4C3JvV
8+Vy2ho7NeHa6QhPThWTNwX3cwwDixVT5xVYD+FAcMgol
tphpteWw7ZGYhoIdzubowob5fQBrXF95eYyyEVyYDAoH6
IZ/EziFwdGCEKzoBpveCvLUQF4Cl7byKNs4quObAULy37
A/BRk1NtxwXAKoF8fRB+rhL3camrdOV3VbKlr/xGAN2Pf
aqRMcHnMxbxGScpnYzEtgh5GC/1OdRgwsO2ef14HnqRmD
teRAHDrOQZ9hSepg7/P+XPmyqndKVXpc5101+OFOhK2UF
xPH4dfVWfIUvj8rSalbCMct2MGeJ6EnoUiu1vTZIWNyge
KsWzZYYI2uhOUwe64pL18bFBRIuR0UAQ1YEcjGmxhWHlG
zyUOd4EaB48506j+CXxjTdxdTWHTT9zEWFcGgWuS+i+Ql
1QTgdQ8bIKwnZBAaHdtsz2xh833/yI7PTGBchudSqEdDb
iu/6gSxRqy4r0gfSZC4Ai/RYV2QogBcLhOhmQLUDr9WME
Ka/5KWiMiw6uWx7cZ56Obg4eFL6zx1BanasvMCoGfQpah
vsGuJK9h0whLp34BlfX3KhP0qrY9dgjeoPtDIcIfTcm0H
xF0joG2B3LS+0vo5NTSGal/yBPUmccJxZPn3+8F/MhtNG
+wEnxXlt0KNhu7dl0qPJtMTnZNmkVFXRi6fKLnnSR8Icp
pKHWZMmrUsV1kLlHKt6os9RxtJjZuF1wqQK+RomkLwUuc
MLJUNTX1EtYCs5Bijd/3Xuv5qvogBJ4GIRlP746qEkmR8
ke7iXrkNnzxoaaXLqS4AbTQXr/PHBFpFxPeVPn2P9o7Gj
z+pzNhGKlKbSOOaWGDIIm1GP0PwCcguxrOm6dysLUZDRY
iDd1GZePtfuaE50DiD2BPhPXALtjiZ4c96DxKwMfelEYf
HNneiqtBbV4cX5is8YGy785a95hQKw8apZgByLnHNajb4
ilsM1Q7gAx85Y0le5AJtqz0zI4NIIubzuTMuVFVjxaldZ
eZ7lK3YMim6Z9/ldf/3CotF8ftoOIyv5wTsQDp87HL6g0
kjVGx7Nu9sxhnoX2ikqG4KmTKv4fNDsCqH4LwM2uaEwRN
ot6GMgIJj5sGKJs0RocV+8EZYxNkGe9+uiNqUVWYt1ZNT
ReS7Ou3y6mELGbiXTn/KLFgQAHeZ8VRBvPwKtU+WWqdQx
EXEO6h2OxKjSHhBFadqrLzasC3NRhQqJNSq+y9vAC1RfY
rA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YT2PR01MB8615
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: SN1PEPF0002BA4D.namprd03.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: SN1PEPF0002BA4D.namprd03.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: b6bd02b7-7af5-4aeb-aff1-08dc2e4a2415
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 3PIdFVdg+QOrkIdP8lgHuZAfErIyIFCALWkUE8VO1LthS+z4dnacTXv+jL3zQFhY0EF9ZhPRNnsDjL9S+hqx5tDVAfTdcjwBLt7a9TJN5kuFxj5SaP3+8KCqIVrQGYjtyi1R98/6H01lhzT6S67k3rndpHR6gBUTz83KYzr3mivpUzqJGAWOf0RgPZPGowsYnY7qSfcVzzjiHJNQeeUuAE4ih1f8trxKbfK4c9Y87DJmCHfQ3DXZXI03bj8I8/XQ5yEHmzIf0hS9vI4AMm5ZcYmlcb/RiFYuT93lqreB8PThnStLKBerVjAbdw1qUIFOuhHmTnE59MuxQf+aqDrvva7mQulmQrhklDtB9b9dRlsc3Yj7L8SyF2Hl2IuqlrUHaFOLXSY1sgOfmT1qES66fuCyok+OtW/cRfAxeWz33kzw9a25ULM27UEQevQNSVjGvkljN7zgUEKosr4D40+/0VtvmsqK7PYMJnJRMsTnsoxR0BMjDiS21zd3P2y1gzTXo6S9USnMeBE2OxVMEI2n/KqTTQW2il/XfT1e2BLF1RVnS7/r+M7Zjlu8sY7HxUp18hXpdM4nQkwrj/1kxbbr//tWnBE9pAI53sQHoAZHXoT2OV2xqtmhtEi16YfvGLueyulOjaTIX4zbDxMPE8UAhW8sLrkwZvoQqKaOKp5RcvjVirgZ/IJzj7DlnMDGLXAX
X-Forefront-Antispam-Report: CIP:40.107.116.139; CTRY:CA; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:CAN01-YQB-obe.outbound.protection.outlook.com;
PTR:mail-yqbcan01on2139.outbound.protection.outlook.com; CAT:NONE;
SFS:(13230031)(4636009)(39860400002)(346002)(376002)(136003)(396003)(230473577357003)(230273577357003)(48200799006)(451199024)(64100799003)(61400799015)(498600001)(110136005)(53546011)(6506007)(966005)(9686003)(7696005)(26005)(336012)(2940100002)(2906002)(5660300002)(52536014)(8676002)(70586007)(68406010)(66899024)(86362001)(3613699003)(33656002)(316002)(786003)(83280400002)(83290400002)(83300400002)(83310400002)(83380400001)(83320400002)(7636003)(356005)(55016003);
DIR:OUT; SFP:1102;
X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2024 17:18:37.4999 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 16a65f0c-e8e8-4a18-96f5-08dc2e4a25d1
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF0002BA4D.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR01MB7607
X-MIME-Autoconverted: from base64 to 8bit by mailman.mit.edu id 41FHId6Q050309
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <YT1PR01MB418759BF87C15F508920501DFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
X-Mailman-Original-References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
<YT1PR01MB418788B7045DF1E5B375143FFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB41879A321B6419A0CCAEE830FA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB41873C15B6ED0600842D58FBFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
 by: Brent Kimberley - Thu, 15 Feb 2024 17:18 UTC

At higher levels it falls under "Non Destructive testing".

-----Original Message-----
From: Brent Kimberley
Sent: Thursday, February 15, 2024 12:12 PM
To: 'kerberos@mit.edu' <kerberos@mit.edu>; 'kenh@cmf.nrl.navy.mil' <kenh@cmf.nrl.navy.mil>
Subject: RE: Protocol benchmarking / auditing inquiry

This approach is taught in first year engineering.

-----Original Message-----
From: Brent Kimberley
Sent: Thursday, February 15, 2024 12:10 PM
To: kerberos@mit.edu; kenh@cmf.nrl.navy.mil
Subject: RE: Protocol benchmarking / auditing inquiry

Ken.
The term Frame of Reference is a Cyber Physical system (CPS) term.

For those who work in the cyber subset, the term is "interface".

Regardless of what you call it.

You take the system diagram and evaluate using each major interface or Frame of Reference.

The STIG or CIS benchmark is just one of the interfaces evaluated.

-------------

>Minor comment the CIS Benchmark appears to have been written from the
>system administrator's frame of reference - not the network frame of
>reference (FoR). Typically, each frame of reference (FoR) needs to be
>audited. Hence the need for automation.

I can only say this:

- I've been doing Kerberos for a few decades (but I'm certainly not the
person with the most Kerberos experience on this list).
- I've done a ton of security accreditation work at my $DAYJOB, which
also involves Kerberos. As part of the accrediation work we (and
others) do automated scanning that includes the Kerberos servers
and this seems to satisfy the powers that be. Some of the scanning
seems to detect Kerberos but I am unclear how much it actually checks
for other than "Kerberos is found".
- I've used the aforementioned CIS Benchmark.
- I really have no clue what you mean by "frame of reference" in this
context, and this corresponds to no security accreditation or auditing
requirements I have ever encountered so I cannot provide any
suggestions; I'm really unclear what you are asking for.

--Ken

-----Original Message-----
From: Brent Kimberley
Sent: Wednesday, February 14, 2024 3:24 PM
To: Christopher D. Clausen <cclausen@acm.org>; kerberos@mit.edu
Subject: RE: Protocol benchmarking / auditing inquiry

Minor comment the CIS Benchmark appears to have been written from the system administrator's frame of reference - not the network frame of reference (FoR).
Typically, each frame of reference (FoR) needs to be audited. Hence the need for automation.

-----Original Message-----
From: Christopher D. Clausen <cclausen@acm.org>
Sent: Wednesday, February 14, 2024 2:10 PM
To: Brent Kimberley <Brent.Kimberley@Durham.ca>; kerberos@mit.edu
Subject: Re: Protocol benchmarking / auditing inquiry

[You don't often get email from cclausen@acm.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

I have used this as a guide, but I think MIT Kerberos version 1.10 is the latest available:
https://www.cisecurity.org/benchmark/mit_kerberos

Not sure if this is what you are looking for or not.

<<CDC

On 2/14/2024 11:46 AM, Brent Kimberley via Kerberos wrote:
> Preferably something smaller and more focused than nmap or OpenSCAP. 😉

> > > > >
> From: Brent Kimberley
> Sent: Wednesday, February 14, 2024 12:44 PM
> To: kerberos@mit.edu
> Subject: Protocol benchmarking / auditing inquiry
>
> Hi.
> Can anyone point me to some methods to benchmark and/or audit Kerberos v5?
>
> For example, SSH:
> Manual
> Read the RFCs and specs.
> Semi-automatic.
> jtesta/ssh-audit: SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) (github.com)<https://github.com/jtesta/ssh-audit/>
> Automatic
> SSH Configuration Auditor
> (ssh-audit.com)<http://ht/
> tps%3A%2F%2Fwww.ssh-audit.com%2F&data=05%7C02%7CBrent.Kimberley%40Durh
> am.ca%7C8eddde16708448e6cdb008dc2d907d49%7C52d7c9c2d54941b69b1f9da198d
> c3f16%7C0%7C0%7C638435345797172606%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4
> wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&s
> data=ydwY2y5%2FxuZxJavbNQw877yOmuFuVo3DktJr%2FdFA05A%3D&reserved=0>
>
>
> TLS example upon request.

THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor