Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Heisenberg may have slept here...

devel / comp.protocols.kerberos / RE: Protocol benchmarking / auditing inquiry

SubjectAuthor
o RE: Protocol benchmarking / auditing inquiryBrent Kimberley

1
RE: Protocol benchmarking / auditing inquiry

<mailman.27.1708019360.2322.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=478&group=comp.protocols.kerberos#478

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: Brent.Ki...@Durham.ca (Brent Kimberley)
Newsgroups: comp.protocols.kerberos
Subject: RE: Protocol benchmarking / auditing inquiry
Date: Thu, 15 Feb 2024 17:49:15 +0000
Organization: TNet Consulting
Lines: 139
Message-ID: <mailman.27.1708019360.2322.kerberos@mit.edu>
References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
<YT1PR01MB418788B7045DF1E5B375143FFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB41879A321B6419A0CCAEE830FA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB41873C15B6ED0600842D58FBFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418759BF87C15F508920501DFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418735AB8A1E610D2DEC8937FA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="16051"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: "kerberos@mit.edu" <kerberos@mit.edu>, "kenh@cmf.nrl.navy.mil"
<kenh@cmf.nrl.navy.mil>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu;
dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=QWrIODcy;
dkim=pass (2048-bit key,
unprotected) header.d=durham.ca header.i=@durham.ca header.a=rsa-sha256
header.s=selector2 header.b=I8LHZw0v
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=a/CYxGyc/duuufAwx9DQBvd2ZonQbnLPGfLx1UQqpC0UM5RkgmLK8Hp9Iilsm/rcNovGUi/wwytQo8gxb6epIC/jIzXfY2i9Su883Hc5cRObaSTIT50PqHHqvnOrxqoJapH2OjsFEDO1e7ndyXdNzYQ7LT4NoWTry+B/DzregndP13c6EbrDidCgi2Fe18JqdQhCPf+ADvx4WpsDpSEymF1RJF4ma2TtXzJcHj52Cxnppp5fEb0CSe+GqUpWlYTePsaXJfQwjgurBhkj3DlO8WdZUwjmtO4C4SdCe0RZgbzDmjlaO1I5Jhoe9sP5nCqzdWb0ZUBTQI+lJFquhLK03g==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=WNck6BRzZDSQdYurN53YHWTuMXAixiAhD/dPd28Dia8=;
b=mrr4AifdptReHbYtphr0Lki/p6wvoNcp5uv4ZWg7bSyn/yd+QqfvAop2/qxsyOcqSJzPZpd+KFeGC30iwJusRPu0pFWM2nF3gtX1DXd7bg0LCT3aprwW8x8gvIVncxFWffQzB6dkFC9vBES/vEpK3K3MCYBChwd3WeFddssJKICiqGbvjYg0Iz7IXi26S7QOmhYahfd8BLvEdoOQY032JCGq+lxVdAntE13trlVLynw2+pgV2MT9WfjeJ6weQtej8gxdwUv0FTfnKp0lxA2TlTuWLt1YnaHrrrvo8s+md2zXvKl89bZN02F16INwE69JqbclHamPD/oI4W4gVo0kWg==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is
40.107.115.138) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=WNck6BRzZDSQdYurN53YHWTuMXAixiAhD/dPd28Dia8=;
b=QWrIODcy2daoL5jHWFWlabUxC4u9v2ys1zTE+mfMR8WwHya60h6+nC5ewFTH5nFcyeZBkkoFuSKDerjjo7JCr3ZfvAK6uq0VxxD+67mj6/OkkL4g/fKVSV8qdNZ2w2e+bAVkamRPBN/qLpHO0DyHiDMVwIVHeT9ya69TEDfCV1s=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=cQWMy5ytgobvd3I8MTPuJSFYcLaQU0TLPeli8G5LsTcYAHYCiXIuopt4xpwfTcfFYycMuC/E2vW69W9Hdkc08YsQSxMld+mvkgj+3UV4I4Wj3mtqeAUb3Q26DjpCEoTutypst6mm3AiSyj/CYs98cD4ZoQSPdl+Rbj4GilBAyHK/kHhFj2hFbiZR3CnIvhHtRnRzwkNaX0NWeJDKQCFzZUK8bwFmAGJ//aJvqRdrfeiXmZhj9frsih/qIm/pOtpg+sb+iKxaHvjrfjpR2f732lGB86IcC5DN0e+G7cE354YOoSRNLSIA1d13G7mVQ891bKQr8Lks6gp7H10LCu5d9Q==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=WNck6BRzZDSQdYurN53YHWTuMXAixiAhD/dPd28Dia8=;
b=XixxepJJXyQnfTepV7lR+0irP0dpqCqhms8B1mLl2FjEVVQ+DE2ZbeUkVvI9Ghxh4fOCYfSZkMrsqhlE8yOqrvJLfOaUKep/XKEQHvpEUp+3JpRKObAr0IZMnEsHe47BhrImg1/0GUPo9p65md00eKqDKlWlfYh1EuJBkdkQRhuWYVCtW0nCCfPHmxho4op634ifSAzwsrHdCjDPPWzyW114UDVUtipJ8DVETq7fVeV/+IxUzn3B3+PbMVqT/H6k1/KijDNG/SGOfCt/N2BtbLaw1u+K2vMBKsb8ou8Nf/qS9TBOPM9MfAEZ+ijk0bAMbgt7REW+zi6+Ea+dHjibLw==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
40.107.115.138) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
Authentication-Results: spf=pass (sender IP is 40.107.115.138)
smtp.mailfrom=Durham.ca; dkim=pass (signature was verified)
header.d=durham.ca;dmarc=pass action=none header.from=Durham.ca;
Received-SPF: Pass (protection.outlook.com: domain of Durham.ca designates
40.107.115.138 as permitted sender) receiver=protection.outlook.com;
client-ip=40.107.115.138; helo=CAN01-YT3-obe.outbound.protection.outlook.com;
pr=C
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=YzhE/savp0aUBlGDc79qlHQux2+vrJhJbE0M4F1vVkDKLH2hamG+qdyVOHCaiHtKKz4K704KcxAvCu0CwpM5rHrmCKcho5t5QTNaYafkqHzHxOOFi02HTsJJBPnzAU3NkojiVXPm3uzWiAizTt7/b1s4eBS2YITWCClwkdrT44NuUZ6nQmjVQltpLzUjEa7Merp2GxmxTPjRxJMeA5ctmUJkw9wz3K/cpVy3yZqDglqZufi658+iUBs42uDC00ZQvJO8Bj3u+xQ6Kfq4/juss17PLFv/qpCr7BUIW+oEazunfZYHhjumD6oPARyvW7Sm7FWZEpYoLnGEb3SWGNgPxA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=WNck6BRzZDSQdYurN53YHWTuMXAixiAhD/dPd28Dia8=;
b=Ob6I4Vzn8fd1emut3uCwOWYkmvSeUV9lmJS+KJ00kVmcKtOQkYeRfEyKqyC6evod1JURjKtqwnT7Sas6CvdGKAy7LS1+u3cHChypR9ANJNn5QM5sCBtonoob5+tt9Q2CkSIF8yTTz6tYnbXU/skhGc46admOaaCoHKDYA29IVxbT5N5815rn6ShHm/y+M66vwPBZtphdtxrVXjxbyF+aXgkouiznDvJDYCdIdmgZL9Vb1VWQJjbFaX2HZi4l5uVvmnePV7QYldxtbnkeQTS0LOh2HYl+7HFu4cerA0DS4rISWP0pLWR1z+G4aadnqAOChe7lJT+ZPghtzlEJ4GSDVw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=durham.ca; dmarc=pass action=none header.from=durham.ca;
dkim=pass header.d=durham.ca; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=durham.ca; s=selector2;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=WNck6BRzZDSQdYurN53YHWTuMXAixiAhD/dPd28Dia8=;
b=I8LHZw0vWTdNkgiRh8QLymQZYplrsg+Z9NHfSM1bsEGySxb2yUT46pC1xD/MOvZXqLogxyy1aabD8IHBNdJ2pHqkXYZ1Gujg58eOzdY3epkQUGgvtzQnRu8VVXqBwEngFdQTvr+1rkxxwDhJJVPR1FdSiAny7fqrUaeUK7k352VIPG4RuK+/J11ylM9NHylyVj/mrW/fZV+s1TMnyuBm3PUINEJqE/ckx4t8jmL3TIXQldpLhqMmye7C0XzhZoKEycPd7yah8Q2JYWhT1erCjv7Jyw4DplWBoeBT1NtiO+rZAIPg/VCamw92+jMTZOfiFzeCi7rbt9C9yaAFzVZB6g==
Thread-Topic: Protocol benchmarking / auditing inquiry
Thread-Index: AdpfbJNnl5mSPDfJShm0AzMzygkU8wAASQPAAALoPgAAAn8VMAArbSgQAABAtGAAADkbgAAAiFkw
In-Reply-To: <YT1PR01MB418759BF87C15F508920501DFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
Accept-Language: en-US, en-CA
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=Durham.ca;
x-ms-traffictypediagnostic: YT1PR01MB4187:EE_|YT1PR01MB8379:EE_|CY4PEPF0000EE37:EE_|CH0PR01MB7033:EE_
X-MS-Office365-Filtering-Correlation-Id: d23ed48e-8344-4a40-c6ce-08dc2e4e6e5e
x-ms-exchange-senderadcheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: Ez5EAF7uCsE8OFNYT91yfPeHWPHhTIt4STo5FDNg+mo4NE6/2xRnYJsqbAoey4lBGqt6pnJMIOsDH2OFtxsoA+1BDP92ym5MDVahPkav5kzzy1zdUTXXbPgIHEjG/qLHaHJxfM40d3rskFF1HU0Z/77QqkpS7iTD8rXVx0gvwubNyBMVAXyK8VTHsDP/mThj0BB8XhY/uOk4/WWdPNJ04/Ejw6AsAEA+2t8gReOJ1HeUPULfA10Qtjh7iLhNje/j9dVTgKgPbZjsU+/YyclZXeFitS2e9cjbu+rPS8Ok1rI86VlENRKHLnbtPHu8+wFO1NMix0KIwT++a0rZiLBHeCwBKlkdeNwuNjNOnX9vyBiraoWXwnYLYPlI0v1EJS1rIp5ETTlCOgxu7ixyUlR7EZHHKojq553Zh2WO4ivsubz0bIwK0kzsMe865bNsN/XC6MtTk5vjL51l7JrN9DTrtgBpkPdvIdFGRumva3tLWjSXisl630MPB8Q9ws4f0/zHljeEu+NvbBvNmJLoJ6q9RuDaU1s9lSYWBYyQ3FtZIZYLop+fOtsyjJBuR9wrUB8B/JIHdhJXhPBP+4eJIhTsU9MPvZCuroRZZBDpTofpfYQe+olOtOjsxd1xAlub2DC1VJIWy0lgYxolVrZYBei3HQ==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM;
PTR:; CAT:NONE;
SFS:(13230031)(346002)(39860400002)(376002)(396003)(136003)(366004)(230922051799003)(230473577357003)(230273577357003)(186009)(64100799003)(451199024)(1800799012)(5660300002)(55016003)(66899024)(2906002)(26005)(41300700001)(66446008)(8936002)(66946007)(8676002)(2940100002)(66476007)(66556008)(7696005)(53546011)(52536014)(45080400002)(9686003)(76116006)(38070700009)(3613699003)(64756008)(83380400001)(6506007)(33656002)(122000001)(110136005)(316002)(966005)(71200400001)(478600001)(86362001)(38100700002);
DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: v/2ROxyJuInpEVmiksFyofFIU8wXUzyQ63Y5fJsebxZhP
Y6iprTK+bPojmbqSf9ijUFXY5rmOLZtJmVd3zWh8EVI9U
oLrAitJuWFahsSZiX1i8OlfX/NkX+izqYNNk4mcVxL6/R
GCzrfIBKiGuOW3NfogmKyMup2r2W+Ex73o9PKl/Lh5iOH
QmKHUKupEmps5iPgfhtWwOZz3ZNT7iSszUYgYEysQ5LXh
E8sfui91yLLtQh1/K9Csjx+OJckd6Rnq1hiFB0v68X2aN
S94K5i/lbIzR9x6RQI2nejo87rsJGixaktLdTYq9yhitu
hUPTtT+cLZSasufdmI5+zDpZfuIgjkzpP9v314Czgjcmv
tXMhPImOX1uC/2u/SRezwIjIj7DQyPRVPHPtJ0r4uSw3P
gdF1neTugwrL11uZJ/wUkMOk5Gu44MIzugNsdRLnFa7Cb
HOZO4pK0oXqpj6ESf5Ot7cGUa2E3S0RAjGkgzDcTg/OzS
PUJTLKbIxs2Qe9GcOS4dXpQWf3HcYHs5Vult+YboOhET3
mkxdpaNuPeQ3tZ6iiXhKWmlfZqrjzoQ51R5gscw+ebY/t
idIrcgYvgs4Dxuu4O8S9Ve8P1SNdhW3sqjNab9y1eYXWN
DdENKwhzFb6V3r7eOeNWoBK5+czAEo7eM9pJK0yTIdcI1
wwxcH8s0Mh5WBr0kIiZFl2LT9sLIoxuOF+8tD/pH9FuWo
ivZT0J6t/jPELNOOH91Zx40t6iLzLKyrIkOdDBOg/eC0U
RJQVjxZ8aJ4EOOHvMTrsI2pnusZsD4NjrMTkN+8BApoZz
5UEvikyeT9RIgvgylaX6dW9JYyIo0Obi2ucGEHp/83eai
3jGJYY7PQwNtO8DgLAjnNdwnfkjQ3C9UpdGNv73YmcuJ7
7sD4t/aa/MV/3H/B31jRGVLzTXfrVylTM/lbgUt0J7Nyl
1acl9Prc0Fut/q7uK+N7o95/j7b1UPokJ28iwSjLVoO4i
6Li4tTnznlw11Ha/RPcqRYX2GSjzqaTUGUyrGsD7FMWDn
5Hs+YjQMd2YdzqGsZM8v2sG2M90MuhChNjo/tGsmRaFU+
QhDraXNgKFDJwE38lzXdvk+YNLfYOnPIfkjWbHMoUAUzo
e075aOzzP3YDNcqCpO5CXy4C51pRI19zUJX53Xn5rGmwL
gO4goqS4DqUxcqtdzi4muDUfOzgM2+1+KAO+CX/1WvxQO
O6yNw4Qmnz4iPjNqtv+dU6lWGtlq9KuZDIBzxeqDqWuLR
wx510LnUTJLOzhMmipet2HtGeY20vQmOlbGtnHgDvfPp9
J5onmvnj1o4ivY1Reg6gZa6h3Rw+OYKoVLcOb3he2aa5I
m++oVJOnPYwsOkZCsJptfA7JpwO6XaTNUdPchPzFUJxFK
pa0sa8h1FEvtezebpS3qOXXpC8qGykiz/RXXpFLLz5s65
4RYYX3Xh21mkkLOYMKeDPnPPwPVYqtRRBp0U1po+wlSQe
eDO9safK8b3TDLhXpvrspIimzDmbF4cLsdou06dcq8wbq
HHJ84Qsjn3VAaqqx3IXyzwKM+5S3awsFr5ysoLBiLjrh3
DMBL7XOU6jaNrf1AVsNhZ9Xmx1TxWmQc4t+f677NNJavl
dw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YT1PR01MB8379
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: CY4PEPF0000EE37.namprd05.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: CY4PEPF0000EE37.namprd05.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 1450bcef-6b3b-4c55-f4b3-08dc2e4e6d2d
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: i67NtarwwHLG0Vmqazy6JTnR+c0dnoLpWMn6nOre4fnsW795uvj9KiETBD9Qq/lHntSvoNpPd6c6uv/0841kTzw27imXJ6kYr0rYTozh+iy7hNB9XVVbVlWFc9Wxzs+W7fEaRvfu8dnseZ3i2jasTXIYlxCmDbQ3oQNQKrcIVeTj5WDyDnhUObv0ByHlRzRbll7WmVwlUxYh0CGNF2451xRyzjNnsEhRHfRn5cjlZfdrFnlXo7/pm7r21p/WwMA3Kjuaw98ufc8kjzMwrKaeQnb4TDOAGw5PyYmHEE7/SgrQnim2uPtpg1slPX13YfOblFeNhA0jogYxk74TQYlYQunWLh5qvdHCOMv9fmKVKJv7yAv6c2QYezFpwFCWNiJ0lHlrW5120J2EutdcyCCQGcj1McEPPiF8CP8mWKvx/jdW0sf2P/9W/qf6KoSmhAaYWuAcInflaK0FCRsiv2QFDfWaVSH/gMS5Hasn1V6ffOjlLzfmpcsAB+SjNshFYG4RBecA3HIQ8/uj36kPbYZKmYY/KXAKE0hxIXoZLWoFHlhNDqcanntzZm83Eh71v3vr3ar0J491QATWalMhlLSol39HyE5MekkB+yuxndOVMnribm8XMmWMEiCBfEdJEWyigPh9KZ6RwKVlqujCAaNh540qjfKwMLLUgcd6m0zasKj3g3ehVj7JITsf+q1I7ls3
X-Forefront-Antispam-Report: CIP:40.107.115.138; CTRY:CA; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:CAN01-YT3-obe.outbound.protection.outlook.com;
PTR:mail-yt3can01on2138.outbound.protection.outlook.com; CAT:NONE;
SFS:(13230031)(4636009)(346002)(136003)(376002)(39860400002)(396003)(230473577357003)(230273577357003)(64100799003)(61400799015)(48200799006)(451199024)(33656002)(110136005)(83300400002)(70586007)(26005)(2940100002)(498600001)(9686003)(83290400002)(8676002)(83310400002)(52536014)(68406010)(83280400002)(83320400002)(966005)(5660300002)(83380400001)(316002)(53546011)(7696005)(86362001)(6506007)(786003)(356005)(7636003)(66899024)(3613699003)(336012)(55016003)(2906002);
DIR:OUT; SFP:1102;
X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2024 17:49:17.1455 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d23ed48e-8344-4a40-c6ce-08dc2e4e6e5e
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE37.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR01MB7033
X-MIME-Autoconverted: from base64 to 8bit by mailman.mit.edu id 41FHnJxR060866
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <YT1PR01MB418735AB8A1E610D2DEC8937FA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
X-Mailman-Original-References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
<YT1PR01MB418788B7045DF1E5B375143FFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB41879A321B6419A0CCAEE830FA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB41873C15B6ED0600842D58FBFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418759BF87C15F508920501DFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
 by: Brent Kimberley - Thu, 15 Feb 2024 17:49 UTC

The purpose of non-destructive testing is to validate form/fit/function - across the entire operational mission/ asset lifecycle/ whatever - contrasted with the STIG/CIS benchmark which throws the real problems "over the wall" to Ken H.

Using the outputs, the lifecycle manager constructs their budget for operations + maintenance (OpEx) and replacement (CapEx).
Physical systems wear out. (Weibull)
Cyber systems fail spectacularly.
CPS systems wear out + fail spectacularly. (Power-law?)

Why is this relevant?

Back in the 1940s, too many planes were falling out of the sky. (Q. How many planes are too many?)
You call this philosophy a "surety system", "fly fix fly", "patch Tuesday", " FAA's approach to the Boeing 737 MAX" - whatever.
Regardless, by the 1950s, it was decided that action needed to be taken. The status quo was unacceptable. It was too expensive for operators.

The national safety council created something called the "Hierarchy of Controls." It was immensely successful. (Planes stopped falling out of the skies.)

You can call this approach "safety by design". This approach and it's benefits are very well documented and might even be applicable to Navy C4ISR.

To tie a bow on this thread:
How can we make Kerberos safe?

-----Original Message-----
From: Brent Kimberley
Sent: Thursday, February 15, 2024 12:19 PM
To: kerberos@mit.edu; kenh@cmf.nrl.navy.mil
Subject: RE: Protocol benchmarking / auditing inquiry

At higher levels it falls under "Non Destructive testing".

-----Original Message-----
From: Brent Kimberley
Sent: Thursday, February 15, 2024 12:12 PM
To: 'kerberos@mit.edu' <kerberos@mit.edu>; 'kenh@cmf.nrl.navy.mil' <kenh@cmf.nrl.navy.mil>
Subject: RE: Protocol benchmarking / auditing inquiry

This approach is taught in first year engineering.

-----Original Message-----
From: Brent Kimberley
Sent: Thursday, February 15, 2024 12:10 PM
To: kerberos@mit.edu; kenh@cmf.nrl.navy.mil
Subject: RE: Protocol benchmarking / auditing inquiry

Ken.
The term Frame of Reference is a Cyber Physical system (CPS) term.

For those who work in the cyber subset, the term is "interface".

Regardless of what you call it.

You take the system diagram and evaluate using each major interface or Frame of Reference.

The STIG or CIS benchmark is just one of the interfaces evaluated.

-------------

>Minor comment the CIS Benchmark appears to have been written from the
>system administrator's frame of reference - not the network frame of
>reference (FoR). Typically, each frame of reference (FoR) needs to be
>audited. Hence the need for automation.

I can only say this:

- I've been doing Kerberos for a few decades (but I'm certainly not the
person with the most Kerberos experience on this list).
- I've done a ton of security accreditation work at my $DAYJOB, which
also involves Kerberos. As part of the accrediation work we (and
others) do automated scanning that includes the Kerberos servers
and this seems to satisfy the powers that be. Some of the scanning
seems to detect Kerberos but I am unclear how much it actually checks
for other than "Kerberos is found".
- I've used the aforementioned CIS Benchmark.
- I really have no clue what you mean by "frame of reference" in this
context, and this corresponds to no security accreditation or auditing
requirements I have ever encountered so I cannot provide any
suggestions; I'm really unclear what you are asking for.

--Ken

-----Original Message-----
From: Brent Kimberley
Sent: Wednesday, February 14, 2024 3:24 PM
To: Christopher D. Clausen <cclausen@acm.org>; kerberos@mit.edu
Subject: RE: Protocol benchmarking / auditing inquiry

Minor comment the CIS Benchmark appears to have been written from the system administrator's frame of reference - not the network frame of reference (FoR).
Typically, each frame of reference (FoR) needs to be audited. Hence the need for automation.

-----Original Message-----
From: Christopher D. Clausen <cclausen@acm.org>
Sent: Wednesday, February 14, 2024 2:10 PM
To: Brent Kimberley <Brent.Kimberley@Durham.ca>; kerberos@mit.edu
Subject: Re: Protocol benchmarking / auditing inquiry

[You don't often get email from cclausen@acm.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

I have used this as a guide, but I think MIT Kerberos version 1.10 is the latest available:
https://www.cisecurity.org/benchmark/mit_kerberos

Not sure if this is what you are looking for or not.

<<CDC

On 2/14/2024 11:46 AM, Brent Kimberley via Kerberos wrote:
> Preferably something smaller and more focused than nmap or OpenSCAP. 😉

> > > > > >
> From: Brent Kimberley
> Sent: Wednesday, February 14, 2024 12:44 PM
> To: kerberos@mit.edu
> Subject: Protocol benchmarking / auditing inquiry
>
> Hi.
> Can anyone point me to some methods to benchmark and/or audit Kerberos v5?
>
> For example, SSH:
> Manual
> Read the RFCs and specs.
> Semi-automatic.
> jtesta/ssh-audit: SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) (github.com)<https://github.com/jtesta/ssh-audit/>
> Automatic
> SSH Configuration Auditor
> (ssh-audit.com)<http://ht/
> tps%3A%2F%2Fwww.ssh-audit.com%2F&data=05%7C02%7CBrent.Kimberley%40Durh
> am.ca%7C8eddde16708448e6cdb008dc2d907d49%7C52d7c9c2d54941b69b1f9da198d
> c3f16%7C0%7C0%7C638435345797172606%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4
> wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&s
> data=ydwY2y5%2FxuZxJavbNQw877yOmuFuVo3DktJr%2FdFA05A%3D&reserved=0>
>
>
> TLS example upon request.

THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor