Groups | Search | Server Info | Login | Register
Groups > comp.protocols.kerberos > #5253
| Path | csiph.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail |
|---|---|
| From | Brent Kimberley <Brent.Kimberley@Durham.ca> |
| Newsgroups | comp.protocols.kerberos |
| Subject | RE: Protocol benchmarking / auditing inquiry |
| Date | Thu, 15 Feb 2024 17:18:34 +0000 |
| Organization | TNet Consulting |
| Lines | 111 |
| Message-ID | <mailman.25.1708017522.2322.kerberos@mit.edu> (permalink) |
| References | <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org> <YT1PR01MB418788B7045DF1E5B375143FFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <YT1PR01MB41879A321B6419A0CCAEE830FA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <YT1PR01MB41873C15B6ED0600842D58FBFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <YT1PR01MB418759BF87C15F508920501DFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="utf-8" |
| Content-Transfer-Encoding | 8bit |
| Injection-Info | tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50"; logging-data="11518"; mail-complaints-to="newsmaster@tnetconsulting.net" |
| To | "kerberos@mit.edu" <kerberos@mit.edu>, "kenh@cmf.nrl.navy.mil" <kenh@cmf.nrl.navy.mil> |
| DKIM-Filter | OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid) |
| Authentication-Results | mailman.mit.edu; dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256 header.s=selector2-mitprod-onmicrosoft-com header.b=UyNHl8Rr; dkim=pass (2048-bit key, unprotected) header.d=durham.ca header.i=@durham.ca header.a=rsa-sha256 header.s=selector2 header.b=EcBKxZz8 |
| ARC-Seal | i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=NZsnWL651WJz4rNVa3kvbTOuJHDm0dtZA1SgFysnzR9keAkR5zAy9TJAXF/aWNBzuHfsS5/nf4u+zLDpCQoHQJOtFpQUANZC09InnehoZ3L3jMXK8TFaFASdA9uBvwsy3C6TJYv4lBpGsP5vsc734F/n3YRwQojjNWCNMGI8MX5EoU6QfTQKz7XAO/eCzPi4cTf7SyQprsBHw8PC3XVpvd5Mpb1kiK1Z/rTj8Ts0TztmN1n6Vd5yTLGaql3wG3BFntLH8KkuKTBpYOaqrnqLOr0T1nHCsh7Z8/PdYPxyafHdu+8EQ9iYeY4936aykTfmR4MP2FXsdKmV9QAMwMs91Q== |
| ARC-Message-Signature | i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=V7RV/GGJsrkQ5kxOjr89vrRXSkWXuwqaqgliv6/yVRg=; b=LDiLWM55a4Nj0edNIdo+wHRbfpvZCS/+Mn5I00lpinfAi+zkP9arWAwAStdvUUqRl7y6amAPN79ZemvBAoZXqu/soVU6jwQWVT37pwpaJWnlizBnMgQxYBHv/qyRs+InpjDz6aFCFNxEu6548DcC+EvodqhuGIRItjPzkaQxIX7khplO1Vz3xAAOiw/bsqzHN2H9fhDjTlTcuMGEpgH9ipa9XBQAkd44AtEvDHLnsogj+3IDYKGA5WNvmcSSZsRAsfq2C9zX6VXqpfaz0Ikgf5rJp8Q8UIqb+wO9Nt0h77CShpob3KkVnzQ8TP8mug9NObl9MqKJPXj0yg6pNeXHlw== |
| ARC-Authentication-Results | i=3; mx.microsoft.com 1; spf=pass (sender ip is 40.107.116.139) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass (p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass (signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca] dmarc=[1,1,header.from=durham.ca]) |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=V7RV/GGJsrkQ5kxOjr89vrRXSkWXuwqaqgliv6/yVRg=; b=UyNHl8RrEfuABHmbWu2MxzLCWeuTWh/grYnPfcg8Nl9Oa/AxIhHdkR+mFjOOrHNGy5IkLrQ7ZVu0YEhm88BksPwnL4KS4UuZG+lBq0LKjcN6n92AUVIn58xnHEgOGTcdCpM2JtkyBIT8IbN75okG5I+rjJfbEsmhVr73Q0ePpkY= |
| ARC-Seal | i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=Usp0VF2h05JegctGQ6Z9TdzoDGYPIUVelcwBtCcxhCsv5vgUaetyu3qO4R1xNqKddCRv76uiRaCZGFOgrIyblYcW+OvOGAev4jhmmU3BzPeTMkK2JQJ6E6dprEiK/jUGalO1DlSJ9mf0d7tE5FHiZd7Mal0foIXtqR7LUNQR2iz1Wv6G2n4/LuBXFTm88MuRVZBTNx55uUDCHQbzbqq4BerV0tmCPrz8iIc1vuKbW3/t7c+vSftT2nd2+hpmn4p2SHbz+pfI9m1o+BpPj4y6qNEGS7TN4TSAc7T2mMjGDy5cTQkxbLh+QgrNgg7OUxcHK0yeHia0KmHwHSwdyyezvw== |
| ARC-Message-Signature | i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=V7RV/GGJsrkQ5kxOjr89vrRXSkWXuwqaqgliv6/yVRg=; b=LnOtMdzxJ9Bn3FpmJOk+lfeff1HqWqmlHs96ZSHpfLZebEL9qsDHDF3ZISv+VRrPWA7cu12p48SWv/NSImD0YmjahIcgXbXL5fgmRgLv9v9Zuezlww1xDNeomozT9RJtVlEb1Ara5g93pkgjpdSryzcSh0xS5evAolACRhYkYxX2kXdDcB5rB+hEumfCa3UtwPVRs7ItCFNgrDVlxfmRqDZWBQIKg75YNmcqs0F3PLK98W7rHzzAPv+cyFDwe8VPRkYFJEmMmzxHijd4msoslQUwQa8BBRy8lrEjOrObzxT14kC8qkgTv1n/BonatQ4Dja46571xhF1WnM/bqr7kXw== |
| ARC-Authentication-Results | i=2; mx.microsoft.com 1; spf=pass (sender ip is 40.107.116.139) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass (p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass (signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca] dmarc=[1,1,header.from=durham.ca]) |
| Authentication-Results | spf=pass (sender IP is 40.107.116.139) smtp.mailfrom=Durham.ca; dkim=pass (signature was verified) header.d=durham.ca;dmarc=pass action=none header.from=Durham.ca; |
| Received-SPF | Pass (protection.outlook.com: domain of Durham.ca designates 40.107.116.139 as permitted sender) receiver=protection.outlook.com; client-ip=40.107.116.139; helo=CAN01-YQB-obe.outbound.protection.outlook.com; pr=C |
| ARC-Seal | i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TxuEQXnQUrVyRYqcLkp1Dw0vjraou7xlcN7t8qWEo1aMkl0A1HlJSQNlYoKOq8daQOA8jjjr5zvKQF54ggvuEyWGC47DrokQrSpZsFyGgi89XCq+PWyZzBqMcoFijDF64+FkRCA4FyegHPWL3gklnWNv9vvJc9ykXErruX3KH8pPCtyhSqN6kdO3ic6m4k7QSOExW6ttQ63/1DCW8Qe0dZvKw9IKMFoFV+MwQMBHcL0okkQxo/uDZET0OjxqpcH64ORGNWAGFYGfIk4CSBE6bLrEL4yDC33E23soifRPxc/JRIHIsY+wXA34taI/aEgjBArPxwbevHS37o92imA8Lg== |
| ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=V7RV/GGJsrkQ5kxOjr89vrRXSkWXuwqaqgliv6/yVRg=; b=Dmmm/hmb+WsiCtGxRrb6svkfQDhyrRz3XLv3ulFjkf96LdzwlajNb88gZGyiLkf+JfHGfnoAUrdq+GHEujK5VjPsd+8cxb62/lk3f/6wqkLE2eECG+2gCVMOAByhQ6+oWwrDlDHuBds4l/YA6ZA52cO7dRIMry/vclNxRM11mQWF/QktE7ac84nIyhg1lxeN8gNrEsPygLZVfWKNKKzpfp1+Gwdd6EBqODr1GhKZaXCTqLvUr7fkRyO8W0eC7HOpsWyYAU3vtoVKHKhRaE0QEwx6aBNM0XdB5UJG5BAhka9o8oekDJPehXP0uBteQmS5+Jtj/H0Bh+gimcUSfHkC2w== |
| ARC-Authentication-Results | i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=durham.ca; dmarc=pass action=none header.from=durham.ca; dkim=pass header.d=durham.ca; arc=none |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=durham.ca; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=V7RV/GGJsrkQ5kxOjr89vrRXSkWXuwqaqgliv6/yVRg=; b=EcBKxZz8nTib/YlBaIPZlU+4dJdalu3TKNcHcJ7OSqIJ18sSAAuFcrzROzHGI5kUhvCyS2Zi3p0ZosDDWLwaMYRWWpeuq9FErVdXl28KNV8LGrMY6YEWwx1LcFnDvq3WF4VohgmfIKy/UG4FcsGtWkHlov7g+W7QTuEiVG8+tRKkVOBTrHSlgAMzruiuGaACx1p4voDEAptx3hpPLlM4muo7SrewhnOvva8KvsNCa1mX9kTc1NZOu+LR2RN0++PcmU1VLSG+04AfV2MmL+eV7uXiEXVRASTdzDLpoeKdRy6g8DfObBPELA7bcaIl5pQY35QRTVYt7oaEuq4oBxDSqw== |
| Thread-Topic | Protocol benchmarking / auditing inquiry |
| Thread-Index | AdpfbJNnl5mSPDfJShm0AzMzygkU8wAASQPAAALoPgAAAn8VMAArbSgQAABAtGAAADkbgA== |
| In-Reply-To | <YT1PR01MB41873C15B6ED0600842D58FBFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> |
| Accept-Language | en-US, en-CA |
| Content-Language | en-US |
| X-MS-Has-Attach | |
| X-MS-TNEF-Correlator | |
| Authentication-Results-Original | dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=Durham.ca; |
| x-ms-traffictypediagnostic | YT1PR01MB4187:EE_|YT2PR01MB8615:EE_|SN1PEPF0002BA4D:EE_|PH7PR01MB7607:EE_ |
| X-MS-Office365-Filtering-Correlation-Id | 16a65f0c-e8e8-4a18-96f5-08dc2e4a25d1 |
| x-ms-exchange-senderadcheck | 1 |
| X-MS-Exchange-AntiSpam-Relay | 0 |
| X-Microsoft-Antispam-Untrusted | BCL:0; |
| X-Microsoft-Antispam-Message-Info-Original | 1sE8+E6EJon9GKAGxlGeKg08q22IQMciXitM6Sm82bGjsITqAQwPu19RaMMZDylmHDoqW4GVfP6Ba+eghalMTbA9aDgyjM9EsiNbSyXSglEgoMzEBZgAQ0z0e5M9XvqPiEXSTtZZn/UGCiZ8ma19Z60EjbuZk54KbhdGA9kdZnigU/PyUkt8KzlzaA/qaJHQlNQezfyIpiRpqDSrwlyDYHQtpMULc5OoSi5Ak9yqKLHRfhSBeviA+1otVw4OMJ4NB8m1y6fZwtmeQI4JhDaO5wIDDod8KwN3cxI/HxtyDiuBuHvopmT8hxyIjpwy5EyvEkobM9iXQutjy1KtwDgg2b4/tOMnDmB0ZJQ3IoT1zVU+Pk0KMYlf9Wbd9KcPJcTcD/1kaFArrcKTMw75EllVOdRK93MkgDwnpHmLgBnB3S8sE30/QdBbI59vOToATqGK9qJK8+UouCjHb2rG9vdnwF1RTULz+pRk5894jhv7PN/AZLlaOhbsVnVOjA0vg5SzOld0KnQuzrUk4k6IhFeNe31bGrwXK/PX1lbHiLAey20OvnTeseNXoIfs7m9PAvhB57DZ0l63ST8DHYF06fjb1pTrl3rdsZ4xHraIrqgQ8KMo74Qq+JoAK1xJ0Xb0aPUt60W2R3Lmsq6XmY1kBbcK5w== |
| X-Forefront-Antispam-Report-Untrusted | CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(376002)(136003)(366004)(346002)(39860400002)(396003)(230922051799003)(230473577357003)(230273577357003)(64100799003)(1800799012)(186009)(451199024)(38070700009)(3613699003)(83380400001)(2940100002)(26005)(52536014)(41300700001)(8676002)(8936002)(76116006)(66476007)(478600001)(66556008)(66946007)(64756008)(66446008)(45080400002)(316002)(9686003)(110136005)(7696005)(53546011)(6506007)(86362001)(966005)(71200400001)(33656002)(38100700002)(122000001)(66899024)(2906002)(55016003)(5660300002); DIR:OUT; SFP:1102; |
| X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount | 1 |
| X-MS-Exchange-AntiSpam-MessageData-Original-0 | 1zvvo78+dNb8anvNHsJlG7OCYf1gn6yKGGKTw/x1wFg5+xa+0yp6cUsKnjCuEFdFPcxsfIu0x5/FkhYuXWjejaVCuMrF/QIYZr9YFvyu38nTVQxaKpVUGhNBpUKX43yHiOcsdvLk73pImnhFgmSCgzovzO3akHwVa8vT4WAmhkVCTJrUpBqttjEXwcb0SxTySJAQVx7rOMEFRTSDfd5YfPg0qrTdfeGcNdaQcNOX0UbDHAbikYK0a7jV7LwYrx8K0j6NLWB5iAp0CUbUJGF5NIygoHyDqp78ICcEAxtd5tFD5RzaTTSeelfFWl9diWO+WbmfXRw8bGOQaqDqHREN6owhkz36zvkwpGI5+gnRoC9x/Rm8GVJeHq9bTkB/oO1TXKF8KXkwmNZCctN4C3JvV8+Vy2ho7NeHa6QhPThWTNwX3cwwDixVT5xVYD+FAcMgoltphpteWw7ZGYhoIdzubowob5fQBrXF95eYyyEVyYDAoH6IZ/EziFwdGCEKzoBpveCvLUQF4Cl7byKNs4quObAULy37A/BRk1NtxwXAKoF8fRB+rhL3camrdOV3VbKlr/xGAN2PfaqRMcHnMxbxGScpnYzEtgh5GC/1OdRgwsO2ef14HnqRmDteRAHDrOQZ9hSepg7/P+XPmyqndKVXpc5101+OFOhK2UFxPH4dfVWfIUvj8rSalbCMct2MGeJ6EnoUiu1vTZIWNygeKsWzZYYI2uhOUwe64pL18bFBRIuR0UAQ1YEcjGmxhWHlGzyUOd4EaB48506j+CXxjTdxdTWHTT9zEWFcGgWuS+i+Ql1QTgdQ8bIKwnZBAaHdtsz2xh833/yI7PTGBchudSqEdDbiu/6gSxRqy4r0gfSZC4Ai/RYV2QogBcLhOhmQLUDr9WMEKa/5KWiMiw6uWx7cZ56Obg4eFL6zx1BanasvMCoGfQpahvsGuJK9h0whLp34BlfX3KhP0qrY9dgjeoPtDIcIfTcm0HxF0joG2B3LS+0vo5NTSGal/yBPUmccJxZPn3+8F/MhtNG+wEnxXlt0KNhu7dl0qPJtMTnZNmkVFXRi6fKLnnSR8IcppKHWZMmrUsV1kLlHKt6os9RxtJjZuF1wqQK+RomkLwUucMLJUNTX1EtYCs5Bijd/3Xuv5qvogBJ4GIRlP746qEkmR8ke7iXrkNnzxoaaXLqS4AbTQXr/PHBFpFxPeVPn2P9o7Gjz+pzNhGKlKbSOOaWGDIIm1GP0PwCcguxrOm6dysLUZDRYiDd1GZePtfuaE50DiD2BPhPXALtjiZ4c96DxKwMfelEYfHNneiqtBbV4cX5is8YGy785a95hQKw8apZgByLnHNajb4ilsM1Q7gAx85Y0le5AJtqz0zI4NIIubzuTMuVFVjxaldZeZ7lK3YMim6Z9/ldf/3CotF8ftoOIyv5wTsQDp87HL6g0kjVGx7Nu9sxhnoX2ikqG4KmTKv4fNDsCqH4LwM2uaEwRNot6GMgIJj5sGKJs0RocV+8EZYxNkGe9+uiNqUVWYt1ZNTReS7Ou3y6mELGbiXTn/KLFgQAHeZ8VRBvPwKtU+WWqdQxEXEO6h2OxKjSHhBFadqrLzasC3NRhQqJNSq+y9vAC1RfYrA== |
| X-MS-Exchange-Transport-CrossTenantHeadersStamped | YT2PR01MB8615 |
| X-EOPAttributedMessage | 0 |
| X-EOPTenantAttributedMessage | 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0 |
| X-MS-Exchange-Transport-CrossTenantHeadersStripped | SN1PEPF0002BA4D.namprd03.prod.outlook.com |
| X-MS-Exchange-Transport-CrossTenantHeadersPromoted | SN1PEPF0002BA4D.namprd03.prod.outlook.com |
| X-MS-PublicTrafficType | |
| X-MS-Office365-Filtering-Correlation-Id-Prvs | b6bd02b7-7af5-4aeb-aff1-08dc2e4a2415 |
| X-LD-Processed | 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr |
| X-MS-Exchange-AtpMessageProperties | SA |
| X-Microsoft-Antispam | BCL:0; |
| X-Microsoft-Antispam-Message-Info | 3PIdFVdg+QOrkIdP8lgHuZAfErIyIFCALWkUE8VO1LthS+z4dnacTXv+jL3zQFhY0EF9ZhPRNnsDjL9S+hqx5tDVAfTdcjwBLt7a9TJN5kuFxj5SaP3+8KCqIVrQGYjtyi1R98/6H01lhzT6S67k3rndpHR6gBUTz83KYzr3mivpUzqJGAWOf0RgPZPGowsYnY7qSfcVzzjiHJNQeeUuAE4ih1f8trxKbfK4c9Y87DJmCHfQ3DXZXI03bj8I8/XQ5yEHmzIf0hS9vI4AMm5ZcYmlcb/RiFYuT93lqreB8PThnStLKBerVjAbdw1qUIFOuhHmTnE59MuxQf+aqDrvva7mQulmQrhklDtB9b9dRlsc3Yj7L8SyF2Hl2IuqlrUHaFOLXSY1sgOfmT1qES66fuCyok+OtW/cRfAxeWz33kzw9a25ULM27UEQevQNSVjGvkljN7zgUEKosr4D40+/0VtvmsqK7PYMJnJRMsTnsoxR0BMjDiS21zd3P2y1gzTXo6S9USnMeBE2OxVMEI2n/KqTTQW2il/XfT1e2BLF1RVnS7/r+M7Zjlu8sY7HxUp18hXpdM4nQkwrj/1kxbbr//tWnBE9pAI53sQHoAZHXoT2OV2xqtmhtEi16YfvGLueyulOjaTIX4zbDxMPE8UAhW8sLrkwZvoQqKaOKp5RcvjVirgZ/IJzj7DlnMDGLXAX |
| X-Forefront-Antispam-Report | CIP:40.107.116.139; CTRY:CA; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CAN01-YQB-obe.outbound.protection.outlook.com; PTR:mail-yqbcan01on2139.outbound.protection.outlook.com; CAT:NONE; SFS:(13230031)(4636009)(39860400002)(346002)(376002)(136003)(396003)(230473577357003)(230273577357003)(48200799006)(451199024)(64100799003)(61400799015)(498600001)(110136005)(53546011)(6506007)(966005)(9686003)(7696005)(26005)(336012)(2940100002)(2906002)(5660300002)(52536014)(8676002)(70586007)(68406010)(66899024)(86362001)(3613699003)(33656002)(316002)(786003)(83280400002)(83290400002)(83300400002)(83310400002)(83380400001)(83320400002)(7636003)(356005)(55016003); DIR:OUT; SFP:1102; |
| X-ExternalRecipientOutboundConnectors | 64afd9ba-0ecf-4acf-bc36-935f6235ba8b |
| X-Auto-Response-Suppress | DR, OOF, AutoReply |
| X-OriginatorOrg | mitprod.onmicrosoft.com |
| X-MS-Exchange-CrossTenant-OriginalArrivalTime | 15 Feb 2024 17:18:37.4999 (UTC) |
| X-MS-Exchange-CrossTenant-Network-Message-Id | 16a65f0c-e8e8-4a18-96f5-08dc2e4a25d1 |
| X-MS-Exchange-CrossTenant-Id | 64afd9ba-0ecf-4acf-bc36-935f6235ba8b |
| X-MS-Exchange-CrossTenant-AuthSource | SN1PEPF0002BA4D.namprd03.prod.outlook.com |
| X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
| X-MS-Exchange-CrossTenant-FromEntityHeader | Internet |
| X-MS-Exchange-Transport-CrossTenantHeadersStamped | PH7PR01MB7607 |
| X-MIME-Autoconverted | from base64 to 8bit by mailman.mit.edu id 41FHId6Q050309 |
| X-BeenThere | kerberos@mit.edu |
| X-Mailman-Version | 2.1.34 |
| Precedence | list |
| List-Id | The Kerberos Authentication System Mailing List <kerberos.mit.edu> |
| List-Unsubscribe | <https://mailman.mit.edu/mailman/options/kerberos>, <mailto:kerberos-request@mit.edu?subject=unsubscribe> |
| List-Archive | <http://mailman.mit.edu/pipermail/kerberos/> |
| List-Post | <mailto:kerberos@mit.edu> |
| List-Help | <mailto:kerberos-request@mit.edu?subject=help> |
| List-Subscribe | <https://mailman.mit.edu/mailman/listinfo/kerberos>, <mailto:kerberos-request@mit.edu?subject=subscribe> |
| X-Mailman-Original-Message-ID | <YT1PR01MB418759BF87C15F508920501DFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> |
| X-Mailman-Original-References | <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org> <YT1PR01MB418788B7045DF1E5B375143FFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <YT1PR01MB41879A321B6419A0CCAEE830FA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> <YT1PR01MB41873C15B6ED0600842D58FBFA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM> |
| Xref | csiph.com comp.protocols.kerberos:5253 |
Show key headers only | View raw
At higher levels it falls under "Non Destructive testing". -----Original Message----- From: Brent Kimberley Sent: Thursday, February 15, 2024 12:12 PM To: 'kerberos@mit.edu' <kerberos@mit.edu>; 'kenh@cmf.nrl.navy.mil' <kenh@cmf.nrl.navy.mil> Subject: RE: Protocol benchmarking / auditing inquiry This approach is taught in first year engineering. -----Original Message----- From: Brent Kimberley Sent: Thursday, February 15, 2024 12:10 PM To: kerberos@mit.edu; kenh@cmf.nrl.navy.mil Subject: RE: Protocol benchmarking / auditing inquiry Ken. The term Frame of Reference is a Cyber Physical system (CPS) term. For those who work in the cyber subset, the term is "interface". Regardless of what you call it. You take the system diagram and evaluate using each major interface or Frame of Reference. The STIG or CIS benchmark is just one of the interfaces evaluated. ------------- >Minor comment the CIS Benchmark appears to have been written from the >system administrator's frame of reference - not the network frame of >reference (FoR). Typically, each frame of reference (FoR) needs to be >audited. Hence the need for automation. I can only say this: - I've been doing Kerberos for a few decades (but I'm certainly not the person with the most Kerberos experience on this list). - I've done a ton of security accreditation work at my $DAYJOB, which also involves Kerberos. As part of the accrediation work we (and others) do automated scanning that includes the Kerberos servers and this seems to satisfy the powers that be. Some of the scanning seems to detect Kerberos but I am unclear how much it actually checks for other than "Kerberos is found". - I've used the aforementioned CIS Benchmark. - I really have no clue what you mean by "frame of reference" in this context, and this corresponds to no security accreditation or auditing requirements I have ever encountered so I cannot provide any suggestions; I'm really unclear what you are asking for. --Ken -----Original Message----- From: Brent Kimberley Sent: Wednesday, February 14, 2024 3:24 PM To: Christopher D. Clausen <cclausen@acm.org>; kerberos@mit.edu Subject: RE: Protocol benchmarking / auditing inquiry Minor comment the CIS Benchmark appears to have been written from the system administrator's frame of reference - not the network frame of reference (FoR). Typically, each frame of reference (FoR) needs to be audited. Hence the need for automation. -----Original Message----- From: Christopher D. Clausen <cclausen@acm.org> Sent: Wednesday, February 14, 2024 2:10 PM To: Brent Kimberley <Brent.Kimberley@Durham.ca>; kerberos@mit.edu Subject: Re: Protocol benchmarking / auditing inquiry [You don't often get email from cclausen@acm.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] I have used this as a guide, but I think MIT Kerberos version 1.10 is the latest available: https://www.cisecurity.org/benchmark/mit_kerberos Not sure if this is what you are looking for or not. <<CDC On 2/14/2024 11:46 AM, Brent Kimberley via Kerberos wrote: > Preferably something smaller and more focused than nmap or OpenSCAP. 😉 > > > > > > From: Brent Kimberley > Sent: Wednesday, February 14, 2024 12:44 PM > To: kerberos@mit.edu > Subject: Protocol benchmarking / auditing inquiry > > Hi. > Can anyone point me to some methods to benchmark and/or audit Kerberos v5? > > For example, SSH: > Manual > Read the RFCs and specs. > Semi-automatic. > jtesta/ssh-audit: SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) (github.com)<https://github.com/jtesta/ssh-audit/> > Automatic > SSH Configuration Auditor > (ssh-audit.com)<http://ht/ > tps%3A%2F%2Fwww.ssh-audit.com%2F&data=05%7C02%7CBrent.Kimberley%40Durh > am.ca%7C8eddde16708448e6cdb008dc2d907d49%7C52d7c9c2d54941b69b1f9da198d > c3f16%7C0%7C0%7C638435345797172606%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4 > wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&s > data=ydwY2y5%2FxuZxJavbNQw877yOmuFuVo3DktJr%2FdFA05A%3D&reserved=0> > > > TLS example upon request. THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.
Back to comp.protocols.kerberos | Previous | Next | Find similar
RE: Protocol benchmarking / auditing inquiry Brent Kimberley <Brent.Kimberley@Durham.ca> - 2024-02-15 17:18 +0000
csiph-web