On 10/17/2015 01:48 AM, Rick van Rein wrote:
> It still surprises me, but Kerberos is able to send a message one-way
> and achieve mutual authentication. The trick is of course that prior
> key exchanges have set up links that make
No, mutual authentication requires the client to receive a message from the server. This could be implicit as part of the first application message, encrypted in a subsession key, but it does need to happen. (The krb5 GSSAPI mechanism sends a token from acceptor to initiator to effect mutual authentication, in addition to the initial token from initiator to acceptor.)

Without the additional return message, the client has sent a message to some other party, and knows that that other party cannot do something useful with that message unless it is the party the client is intending to talk to, but the client could well have been talking to an impostor that does not know the target service's shared secret with the KDC.

-Ben
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
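As an added illustration of the point made in the reply above (this is example code, not from the thread or from any Kerberos implementation): a toy Python model of the Kerberos AP exchange. The KDC, client, service and the HMAC-based sealing primitive are all constructed stand-ins (real Kerberos uses RFC 3961 encryption types). The client hands the very same AP-REQ to the genuine service and to a peer that does not hold the service's key; only the AP-REP lets the client tell the two apart.

```python
import hashlib
import hmac
import os

# Constructed toy authenticated encryption (HMAC-SHA256 keystream + tag).
# Stand-in for a Kerberos encryption type, used only to make the protocol
# shape runnable; not a real cipher.
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    """Encrypt msg under key and append an HMAC tag over nonce||ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None when the tag fails (wrong key or tampering)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def kdc_issue(service_key):
    """KDC: mint a session key; give it to the client and seal it in a ticket
    that only the holder of the service's long-term key can open."""
    session_key = os.urandom(32)
    return session_key, seal(service_key, session_key)

def client_ap_req(session_key, ticket, ts):
    """AP-REQ: the ticket plus an authenticator {timestamp} under the session key."""
    return ticket, seal(session_key, ts.to_bytes(8, "big"))

def server_ap_rep(own_key, ap_req):
    """Only a peer holding the service's key can open the ticket, recover the
    session key, read the authenticator and echo the timestamp in an AP-REP."""
    ticket, authenticator = ap_req
    session_key = unseal(own_key, ticket)
    ts = unseal(session_key, authenticator) if session_key else None
    return seal(session_key, ts) if ts else None

def client_verifies_peer(session_key, ts, ap_rep):
    """The AP-REP echo of the client's timestamp is the client's only evidence
    that the peer holds the service's key."""
    return ap_rep is not None and unseal(session_key, ap_rep) == ts.to_bytes(8, "big")

def run(service_key, peer_keys, ts=1445039280):
    """Send one AP-REQ (identical bytes) to each peer; report what the client can conclude."""
    session_key, ticket = kdc_issue(service_key)
    ap_req = client_ap_req(session_key, ticket, ts)  # built before any peer is involved
    return [client_verifies_peer(session_key, ts, server_ap_rep(k, ap_req)) for k in peer_keys]
```

Running `run(service_key, [service_key, impostor_key])` yields `[True, False]`: the one-way AP-REQ gives the client no way to distinguish the two recipients, and the impostor is exposed only because it cannot produce the AP-REP.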