WebApp Sec mailing list archives
Re: Quiz: Can you spot the flaw
From: Saqib Ali <docbook.xml () gmail com>
Date: Tue, 5 Jul 2005 14:27:28 -0700
It is listed as: [Key(client, TGS)]Key(client) The TGS shouldn't know the secret key of the client. In addition, the client already has Key(client, TGS), what it needs is Key(client,service) to communicate with the Service Server. So it should be: [Key(client, service)]Key(client, TGS)
yup you got it! :)
Do I win a prize?
yup. Should I send it to your Eugene, Oregon address? -- In Peace, Saqib Ali http://www.xml-dev.com/
Current thread:
- Quiz: Can you spot the flaw Saqib Ali (Jul 04)
- <Possible follow-ups>
- Re: Quiz: Can you spot the flaw kbucher (Jul 05)
- Re: Quiz: Can you spot the flaw Saqib Ali (Jul 05)