Re: Protocol benchmarking / auditing inquiry

Path	csiph.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From	"Christopher D. Clausen" <cclausen@acm.org>
Newsgroups	comp.protocols.kerberos
Subject	Re: Protocol benchmarking / auditing inquiry
Date	Wed, 14 Feb 2024 13:09:34 -0600
Organization	TNet Consulting
Lines	30
Message-ID	<mailman.18.1707937782.2322.kerberos@mit.edu> (permalink)
References	<YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
Mime-Version	1.0
Content-Type	text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding	8bit
Injection-Info	tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50"; logging-data="15436"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent	Mozilla Thunderbird
To	Brent Kimberley <Brent.Kimberley@Durham.ca>, "kerberos@mit.edu" <kerberos@mit.edu>
DKIM-Filter	OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results	mailman.mit.edu; dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256 header.s=selector2-mitprod-onmicrosoft-com header.b=grouvYKz; dkim=pass (2048-bit key, unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.a=rsa-sha256 header.s=fm3 header.b=a5VbFq17
ARC-Seal	i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YkH7sbYC0uoi0PmtFpNYOX8Syp2HH8EtfPaXWLem7XC/wH//gZw3/P7SQNWHM/579tdKW+7BlPKIXnZqeeS5DvxL5dwXH/544fnu9hPbbEdVc7QWxWe//latNz6OYK3vVa+aCFi607SJmielhm5mbRILM9MBFveHLBkwIMvGs7jGgDPBYLJIa5QIReYZkkOC8Wiszr8N95je1Ifymi36pMNBN20qaLBhZX701puiuj/LTz88Xp1csTbym2TFjlxqo//IFmSknk19QBkga4/5ndtm54jxaC6UPevuYruKutFhA4lnlJepJefiWBPMgDDgCUbkc55PlurzCcFeI+rPfw==
ARC-Message-Signature	i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=l4JL/TZtbBFkeLtMVSmJbnEXi8XJrNb3Bid4h6q6ym0=; b=Et5PGlIqStz+EBzsOwOu1V58H46dCpWRh8DHcnhclq5ZHsZWh1px71CGEcb0LdDsDUa4LmM8NDbf74Pomc1pXzxbuet7u4kfPO21TKx7QPFBrSvbYQhubLO3Yuy4yrvhM+3uY3c3DR6PQy1ZAU9AYCJ2F6RKeu9mUzwu15AYQxgnsG0t01mNL28zU76agvDYMn3Nv44kznHq6dlMk+jvTs0wJyHF0kaem7DEGZxn3x8bDUeEpSL99CJETmEdo6h1LRg1srG9e3MNJbDtna3FmeedLDQegYvEui5uxY4NGd4vFLRWTmFTBkQFUNY9Xh9WxsNfOih7tycvkBgVOz/Xbw==
ARC-Authentication-Results	i=1; mx.microsoft.com 1; spf=softfail (sender ip is 64.147.123.22) smtp.rcpttodomain=mit.edu smtp.mailfrom=acm.org; dmarc=fail (p=none sp=none pct=100) action=none header.from=acm.org; dkim=pass (signature was verified) header.d=messagingengine.com; arc=none (0)
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=l4JL/TZtbBFkeLtMVSmJbnEXi8XJrNb3Bid4h6q6ym0=; b=grouvYKzrbEvJIK0wlwtltuOG1QakWDXoN2/WARkIMQXll9eWgokRMa0IuYlfZYKiowrudqvLxyKIZ+nCNJErto7oKujoGLII7YTPJNrnZz8l7A9346Vw0LdmpD5f2+BsO8tGaqaRCgw5C5I1iRKg0xHoEgPTYQcZjmusqhhqwA=
Authentication-Results	spf=softfail (sender IP is 64.147.123.22) smtp.mailfrom=acm.org; dkim=pass (signature was verified) header.d=messagingengine.com;dmarc=fail action=none header.from=acm.org;
Received-SPF	SoftFail (protection.outlook.com: domain of transitioning acm.org discourages use of 64.147.123.22 as permitted sender)
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1707937776; x= 1708024176; bh=l4JL/TZtbBFkeLtMVSmJbnEXi8XJrNb3Bid4h6q6ym0=; b=a 5VbFq17XXNp+APEx9HG8Dtb4s9wyvzYXck1MnAwW2R00/wxkl/9Vj+sHc5uB4E/t RakdcbQj1issz3N+uzOQI4sNoExROIPvnksPIs+bzyncdBUndhsJ1JQ8U+criPtq /z88tSi+hUnILWvFS6XcfQH06JRULCUV2FL0Q15Gq87NxPqRRyKmftcU/zk/LzvF VnGEHniVcPX1vQQ6Tz+YCBVybpv/EYSq33oH/pl44S79gjcj6gjixmGx8qAVYt/N P/eRJholwByO1i8/A3OlK0ya/3eJZZifLVLLdY47Ec1Oh9h0P2KZO+4lnvLkX+Jy WoMIf3yhq558CT/sEzPnw==
X-ME-Sender	<xms:7w_NZVWCFaqtcs-75TOFcxUtm1S1dxLbpftEsh98O8MFkcxGlIyZBQ> <xme:7w_NZVn4kuIy_lpCCUcFEJMau7Q-YR5GPaY1UJPf6omhatxXE0f9cN9JmYAiKUFrP i24CliuTTs4jAhK>
X-ME-Received	<xmr:7w_NZRYMIJtYVfei4DaRRBZ76DG3Kv_R11SeP6b263p1KZZKTxoy6PA0a8Yw0TdQ5gSX3g>
X-ME-Proxy-Cause	gggruggvucftvghtrhhoucdtuddrgedvledrudejgdduvddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepkfffgggfuffvfhfhjggtgfesthekredttddvjeenucfhrhhomhepfdevhhhr ihhsthhophhhvghrucffrdcuvehlrghushgvnhdfuceotggtlhgruhhsvghnsegrtghmrd horhhgqeenucggtffrrghtthgvrhhnpeduhfetueffhefgtddvffejgeevudegieejvedt veekjeevvdevtddtgedvteevtdenucffohhmrghinheptghishgvtghurhhithihrdhorh hgpdhgihhthhhusgdrtghomhdpshhshhdqrghuughithdrtghomhenucevlhhushhtvghr ufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegttghlrghushgvnhesrggtmh drohhrgh
X-ME-Proxy	<xmx:7w_NZYVVrFTsXYPEqbLn0IpIeDuxQgcWFgHjyWXLPuvfGMXxfNpDtA> <xmx:7w_NZfmrFUtP5J-Cuu1DLkX0iTHWSdT2gX20-ZFzRbRAXtHigGvIAg> <xmx:7w_NZVeLLmmJ03Kg2qr_qEOgUe2xA3DylN5v_Lg8oXnA3v_UBOSiRQ> <xmx:8A_NZYjhxZUVkUcwr2a-ZdtcwJLSsXj1quzNZnljIlCddSNUEg-cXnJZgbw>
Feedback-ID	i42c441e0:Fastmail
Content-Language	en-US
In-Reply-To	<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
X-EOPAttributedMessage	0
X-EOPTenantAttributedMessage	64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType	Email
X-MS-TrafficTypeDiagnostic	BN2PEPF000044A2:EE_\|CH0PR01MB7050:EE_
X-MS-Office365-Filtering-Correlation-Id	1ec33061-d62c-4f16-36e7-08dc2d907d1a
X-LD-Processed	64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties	SA
X-MS-Exchange-SenderADCheck	2
X-MS-Exchange-AntiSpam-Relay	1
X-Microsoft-Antispam	BCL:0;
X-Microsoft-Antispam-Message-Info	KbiIKp6JHJw4KULA+SNlr5fhU9bchJgDt/L1g62eG/RflzPiI9DtSUgijIG8KCfTn4iDXdZHX+LA2ojwDcCjk62d2kb2kPhnoxtkuI2yOxLD05ycWrmga1HvWk1mI/hqC68Y/VLaxHv35ukTsup+Nu+38fEyaHu8qZiRkAaNMllihCfJL4vXMUll36Ry1FQRY40ir0EtyRuSNnoWpGCULbqBhJc5F0OghWQNz7jd1FMtbBdqO69oIS2Ab6ID/KpFzMg77+yPx6sSnz0913JdLoTN7VDAp6W8mnG2zDoI4my2jrBR1m3J4/LFR0V59KvDn6ujgPxOWLVy6IwcMcDpAoGl98Ls5vimvEdOvtSmnSma9948p69Ew9gOxcv6lanbfpSlkrxYyPkoOIYC4xvwkQXkIEl2VhzC/aP02VAPprCqp0TL8BmhcVMvKsnEav4VIUmIHV+KHMRp0VXiBnG+gKKgDNfSmjpzJGEYQr9Qb3o68ylGlaLRgP8cJdn8IZQx4N8pmBC2xW6bQbcWo/MOfWQ07A6eo3Mb4985zfhUy7DfbLLi7suPcZgKH0quywEcGdtEFxgGMKOku4/L0G5lg63Dvf6c2iKgGligNsLw3QbJdBxsP795jJ0+0blooYpdsFQy/vS2Isyv2aRkOaGIKeDDYXc/oVNVfNJmprT/toyFRhUUm6cO1+kuPMhH9Y+t
X-Forefront-Antispam-Report	CIP:64.147.123.22; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:wforward3-smtp.messagingengine.com; PTR:wforward3-smtp.messagingengine.com; CAT:NONE; SFS:(13230031)(4636009)(136003)(396003)(346002)(376002)(39860400002)(451199024)(64100799003)(48200799006)(31686004)(498600001)(966005)(8676002)(5660300002)(2906002)(4744005)(7636003)(86362001)(2616005)(42186006)(110136005)(53546011)(3613699003)(786003)(68406010)(70586007)(316002)(83380400001)(6266002)(336012)(31696002)(356005)(6966003)(7596003)(26005)(36756003); DIR:OUT; SFP:1022;
X-ExternalRecipientOutboundConnectors	64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress	DR, OOF, AutoReply
X-OriginatorOrg	mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime	14 Feb 2024 19:09:37.5303 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id	1ec33061-d62c-4f16-36e7-08dc2d907d1a
X-MS-Exchange-CrossTenant-Id	64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource	BN2PEPF000044A2.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs	Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader	Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped	CH0PR01MB7050
X-BeenThere	kerberos@mit.edu
X-Mailman-Version	2.1.34
Precedence	list
List-Id	The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe	<https://mailman.mit.edu/mailman/options/kerberos>, <mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive	<http://mailman.mit.edu/pipermail/kerberos/>
List-Post	<mailto:kerberos@mit.edu>
List-Help	<mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe	<https://mailman.mit.edu/mailman/listinfo/kerberos>, <mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID	<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
X-Mailman-Original-References	<YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
Xref	csiph.com comp.protocols.kerberos:5246

Show key headers only | View raw

I have used this as a guide, but I think MIT Kerberos version 1.10 is 
the latest available:
https://www.cisecurity.org/benchmark/mit_kerberos

Not sure if this is what you are looking for or not.

<<CDC

On 2/14/2024 11:46 AM, Brent Kimberley via Kerberos wrote:
> Preferably something smaller and more focused than nmap or OpenSCAP. 😉
> 
> From: Brent Kimberley
> Sent: Wednesday, February 14, 2024 12:44 PM
> To: kerberos@mit.edu
> Subject: Protocol benchmarking / auditing inquiry
> 
> Hi.
> Can anyone point me to some methods to benchmark and/or audit Kerberos v5?
> 
> For example, SSH:
>                 Manual
>                                Read the RFCs and specs.
>                Semi-automatic.
>                                jtesta/ssh-audit: SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) (github.com)<https://github.com/jtesta/ssh-audit/>
>                 Automatic
>                                SSH Configuration Auditor (ssh-audit.com)<https://www.ssh-audit.com/>
> 
> 
> TLS example upon request.

Back to comp.protocols.kerberos | Previous | Next | Find similar

Thread

Re: Protocol benchmarking / auditing inquiry "Christopher D. Clausen" <cclausen@acm.org> - 2024-02-14 13:09 -0600

csiph-web