> On Wed, 2011-08-24 at 07:42 -0400, 1983-01...@gmx.net wrote:
> > Are you referring to sole Kerberos or are you just concerned about
> > transport encryption? Your statement somewhat irritates me.
> > Given that the HTTP traffic cannot be securely wrapped into the GSS
> > content, nor can the SASL QOP be set (like for LDAP), I would
> > neglect that and still say TLS is not of your concern but of mine or
> > the users in general.
>
> Any authentication-only mechanism used over an insecure channel is
> vulnerable to MITM attacks which preserve the authentication and change
> the data. Of course, this applies to HTTP basic and digest over raw
> HTTP just as much as it does to negotiate, so perhaps it doesn't make
> sense to restrict negotiate auth to HTTPS only on this basis alone.
>
> A further concern with HTTP negotiate is that it is scoped to the TCP
> connection and not to a single HTTP request. Ignorant proxies may
> combine TCP connections for multiple users' requests and inadvertently
> authenticate one user's requests with another's credentials. I may be
> wrong, but I believe this is the concern which leads implementations to
> restrict NTLM to HTTPS. Switching from NTLM to Kerberos does not
> mitigate this concern at all. If there are other vulnerabilities in
> NTLM which don't presuppose an MITM attack, perhaps I'm wrong.
Greg, thanks for the insight. I will file a bug that the sole negotiate/kerberos and SSL restriction should be removed because it is not enforced on basic and digest either.

Mike
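The connection-scoping point Greg raises above, as an added example that is not part of the original thread or of the project under discussion. It is an in-memory model (no sockets, no real NTLM or Kerberos exchange): the server either binds the authenticated principal to the connection once a handshake has completed, the way Negotiate/NTLM behave, or requires credentials on every request, the way Basic behaves. A scheme-ignorant proxy that pools one upstream connection for all of its clients then forwards Bob's unauthenticated request over the connection Alice authenticated. The user names, paths and the "Negotiate alice" token stand-in are constructed for the example; the real Negotiate handshake is multi-leg and carries an opaque GSSAPI token, which this model collapses to a single header.

```python
"""Toy model of HTTP auth scoping behind a connection-pooling proxy.

Constructed example, not code from the mailing-list thread. Two schemes:
  - "connection-scoped": once a Negotiate handshake completes on a connection,
    the server treats every later request on that connection as that user's;
  - "request-scoped": every request must carry its own credentials (Basic).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Connection:
    """One upstream TCP connection as the server sees it."""
    conn_id: int
    authenticated_user: Optional[str] = None  # set by a connection-scoped handshake


@dataclass
class Request:
    sender: str                        # real user behind the proxy (ground truth)
    path: str
    auth_header: Optional[str] = None  # what the request actually carries


class Server:
    """Attributes each request to a principal according to the auth scheme."""

    def __init__(self, scheme: str):
        assert scheme in ("connection-scoped", "request-scoped")
        self.scheme = scheme
        self.log: List[Tuple[str, str]] = []  # (path, attributed principal)

    def handle(self, conn: Connection, req: Request) -> str:
        if self.scheme == "request-scoped":
            # Basic-style: credentials travel with every request or it is rejected.
            if req.auth_header is None or not req.auth_header.startswith("Basic "):
                return "401"
            principal = req.auth_header[len("Basic "):]
        else:
            # Negotiate/NTLM-style: a completed handshake binds the principal to
            # the TCP connection; later requests on it need no header at all.
            if req.auth_header is not None and req.auth_header.startswith("Negotiate "):
                # Stand-in for the GSSAPI token: the token text is the user name.
                conn.authenticated_user = req.auth_header[len("Negotiate "):]
            if conn.authenticated_user is None:
                return "401"
            principal = conn.authenticated_user
        self.log.append((req.path, principal))
        return f"200 as {principal}"


class PoolingProxy:
    """Scheme-ignorant forward proxy that reuses one idle upstream connection for everyone."""

    def __init__(self, server: Server):
        self.server = server
        self.pool = [Connection(conn_id=1)]

    def forward(self, req: Request) -> str:
        conn = self.pool[0]  # always reuse the single pooled upstream connection
        return self.server.handle(conn, req)


def run_scenario(scheme: str) -> List[Tuple[str, str]]:
    """Alice authenticates, then Bob sends an unauthenticated request via the same proxy."""
    server = Server(scheme)
    proxy = PoolingProxy(server)
    alice_auth = "Negotiate alice" if scheme == "connection-scoped" else "Basic alice"
    proxy.forward(Request(sender="alice", path="/alice/mail", auth_header=alice_auth))
    proxy.forward(Request(sender="bob", path="/bob/mail", auth_header=None))
    return server.log


def misattributed(log: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Entries the server attributed to someone other than the real sender.

    In this constructed scenario the first path component names the real sender.
    """
    return [(path, who) for path, who in log if path.split("/")[1] != who]


if __name__ == "__main__":
    for scheme in ("connection-scoped", "request-scoped"):
        print(scheme, run_scenario(scheme), "misattributed:", misattributed(run_scenario(scheme)))
```

With the connection-scoped scheme the server's log shows Bob's request served as Alice; with the request-scoped scheme Bob simply gets a 401. Note that the request-scoped variant is not safer against an active MITM on cleartext HTTP, which is Greg's first point: Basic credentials are forwarded unchanged while the body is altered. What it avoids is the cross-user attribution that comes from binding authentication state to a connection an intermediary may share.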