Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

We have a equal opportunity Calculus class -- it's fully integrated.

devel / comp.protocols.kerberos / RE: Protocol benchmarking / auditing inquiry

SubjectAuthor
o RE: Protocol benchmarking / auditing inquiryBrent Kimberley

1
RE: Protocol benchmarking / auditing inquiry

<mailman.23.1708016987.2322.kerberos@mit.edu>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=474&group=comp.protocols.kerberos#474

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: Brent.Kimberley@Durham.ca (Brent Kimberley)
Newsgroups: comp.protocols.kerberos
Subject: RE: Protocol benchmarking / auditing inquiry
Date: Thu, 15 Feb 2024 17:09:34 +0000
Organization: TNet Consulting
Lines: 93
Message-ID: <mailman.23.1708016987.2322.kerberos@mit.edu>
References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
<YT1PR01MB418788B7045DF1E5B375143FFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB41879A321B6419A0CCAEE830FA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="10068"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: "kerberos@mit.edu" <kerberos@mit.edu>, "kenh@cmf.nrl.navy.mil"
<kenh@cmf.nrl.navy.mil>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu;
dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=KR9AfH9M;
dkim=pass (2048-bit key,
unprotected) header.d=durham.ca header.i=@durham.ca header.a=rsa-sha256
header.s=selector2 header.b=rfpeiIbu
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=hBCdOh8rSyAS+1OQBHPNtWqpK7UwDzF/ELieCFuuULxk6n1vrtTlsRlYmAqmog3K9aTZY/cZaHaw13AYijcR4XR8dlWVe/Fq9xvM9wjY91mTegx3OQ5I8wNEVokBdrbUpS8Zm4GosA9nw1aImKjgxfo0wXpXGDqA8gtuBGhEhZd4Zzx4rOltGjjrZwweP0misPM2SKHWtoPA8zjupp7sIBkTOnQOpOz/XZozV7xeysZe2IMfDUEKDmA6MF8nu3uYbjSgsbxS0Ux8vFNoPuTqLhpIptgkxqNSzk1GdMunZQ2HON8ryyqO1ENaGy0j47V4eE5LaXZmIrAtFolUlnpwOA==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=7U09wxqIqlVgrdtC4j9QXsCOvJ3635w53lPM1Wkr/p4=;
b=Uwz0zg4yjfN5kAeBAeVh6470VNFlgRKnQE5k9HIm2EfCjo2G4BhgqrwYy97fA78+L1xXpjBQKWe8LtbpPCCWWlMS3o+IsJ30fvaWpzxkUwtnYWGYpVQK+eZpr4NJGLkKcj9jHNCTmIs/i3TLRQai5owPHYg5y7KDl/yvfWlEMf54djxcYev27bL80q34OnIpHdktSR+ZW65bOwSOWQIaJMOGV3ALj6zzemVzlpwp1zcLcjE7kgMyGIP/92yX+W6USBbl+xMaxv3+qiPu9/WX9PrVPkyw/EQymZbKAU+RztyMBVFtc3NRHaSqoGjlm94l2RWEjJcecYiEOkpJaLebkg==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is
40.107.116.91) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=7U09wxqIqlVgrdtC4j9QXsCOvJ3635w53lPM1Wkr/p4=;
b=KR9AfH9Mt/wsmj2GoS4Zcw2A0Ryscg/OmfUcFZ8cHkYRoiYXerM6fh7iiDys0cd/rNVPogBWoVxit8w1yHPFzef+TbXAoSX/C0N+Om7Z+d8qA4JqvZ/Alge9ZUoQ7HeCLYrpo/TZsAVI5zFbvG+RAXo66iLGEObn4YjWP0ux8Ic=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=Fx7Hmwehse3dximO5F9dMm9akiC9jyRJgtyBBUQOsdRdSwdHevVuP9jrgQkXXTbEeMpuflQYYKPp8PUjlt3Xqx8/F6vmuULKbXu6UV1fR8ONic8Ap3wPYxZ/lhFdigOg0PGEiJHUeo90D6CKLDL0DrgN2GXXI5b4ouWHy2UMR5MNepNQtIE8EXzWSIsGp1q/x+MJgaSW/Dpai6zr5PRCeypZILjS2LfcsEaR6O7nxOZc+/ccFkAGEyx2UYGH5oz7srxIiSOCP3Rnnux9OvXWu3HceOPa7KKdoHHtt4zfJW0ZSewSFbVtdahfXOAKNh7iEKVgC6p0R68Xtz+twRTrMA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=7U09wxqIqlVgrdtC4j9QXsCOvJ3635w53lPM1Wkr/p4=;
b=lA8ghprpszMOJAJcVPya4Bjb1zlgpQf6kXtIQOgoI/qHajhnrSl3EbvIfDezDHtHYdJcj/qzZm85s0iVu5hQm3GhGvmX2XFCjbKh6ovs5y2dOBu4yp4nhxAj4CXNAOTmvDqVd9XyvnjIpFsmNPwfY79HofZj2r5kUMG1wD++Gx5MRXnQSqC5DOHISYyYhf9ln8xM/cXu/OBMGrwShbZhTxcB3aoCgy98jhsVrIpt05f/mzT3vFaOnLCijoypAvzSg4bFbC5Cqxcb+lpJjrdIeKbLSh+DtXSg8n5jxLXZEB5tdIebhYP3U97D6QMHNhpm5OFlENaedmLWQe1rZ1n2Hg==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
40.107.116.91) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
Authentication-Results: spf=pass (sender IP is 40.107.116.91)
smtp.mailfrom=Durham.ca; dkim=pass (signature was verified)
header.d=durham.ca;dmarc=pass action=none header.from=Durham.ca;
Received-SPF: Pass (protection.outlook.com: domain of Durham.ca designates
40.107.116.91 as permitted sender) receiver=protection.outlook.com;
client-ip=40.107.116.91; helo=CAN01-YQB-obe.outbound.protection.outlook.com;
pr=C
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=NmzVl8X2XtdZaxDud9Qe2nm/zBT9A9305tB81FvCKAVmmFh+kKPh7/0dey3HMjMfH+wuwxZXE81Gq5rV5h0I1/B+eP7QpNDuGRFYKUWJ8Mvvexs643ElmwfSMJcDSX4OKp5lXNu53Hrhbk4aRQk7teDogDuss5+RFTmqmTsvqj+4S4MvmscYXt9uEzFMA3MtMwDP1BgO1K02GGHtQ6sLJ70eBz6ygDn89p3QhxQ9wIeQ8Mij4vAX9JsdQ76Ni6BsnT9t+IM/lOFCO8YanU5kOUXuFS/1gqH7WH23oTr+lV70ZNk//086nNJgFONukDvzuahqQ+TjTFOks8YfHqgnzw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=7U09wxqIqlVgrdtC4j9QXsCOvJ3635w53lPM1Wkr/p4=;
b=Q1KYHkD703dRH63mtsR2tI4qtyNfsf3cmZ0KWEYZupLyacLTxjq+Wedu5z4WrODGwDzmzZRxtUoBb20dwq62znQoaZgKQKg4Ujj53CVPPt7YbRKF8eUs0F53PitFmor/Z4TnC85L1/83Lhn/9CHgYw1X0YDLhmNzEWNnRLhKbMc0AujoBfZpxYCOwXJmelwjo3BXqlovCUkkvsh+pd6AZVWgKMk2ghpLXpEoBFqhQFZVf8DxG3X6h8aSIXXkkR92XGq0iDxLsy0raFmjQWxd3W/eCTvtbU0sHwkRRd30MZNjMoTcIHCZ/4CnGQLIvV//YtJG14mIkwK69CDKGClH0A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=durham.ca; dmarc=pass action=none header.from=durham.ca;
dkim=pass header.d=durham.ca; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=durham.ca; s=selector2;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=7U09wxqIqlVgrdtC4j9QXsCOvJ3635w53lPM1Wkr/p4=;
b=rfpeiIbuADbbbKT0Xp1FIdDDEN7mJGS3mV9Hpz6dLvQd5JM7KEaDZs5uQGWfPCfSiOUzJHq/BpRoNL26+V3spqZPjJKZRKzNY/uFqIqaKjRCoWFOT6+u4N/cTe5sxr5jhypYJp8U5DHX1PWjDBwMfu5KihQkvpF6vmyc3ue70Gcl6zwkaCTkSmnVZru4hvz4m9WVu+gA9AISqsjHJfz64O1ARxXzWndPVtL5zx128xT+U9oyeoQDGvQWfB+xekGB+XChkooZC1UqqlJESVb5xwUbF+NL/bBcWw801WIVX4UsVkuOzLiTx5b7PMmo2a68L51ymvhUh9i9xMQisnSJ6A==
Thread-Topic: Protocol benchmarking / auditing inquiry
Thread-Index: AdpfbJNnl5mSPDfJShm0AzMzygkU8wAASQPAAALoPgAAAn8VMAArbSgQ
In-Reply-To: <YT1PR01MB418788B7045DF1E5B375143FFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
Accept-Language: en-US, en-CA
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=Durham.ca;
x-ms-traffictypediagnostic: YT1PR01MB4187:EE_|YQXPR01MB5836:EE_|BL6PEPF0001AB54:EE_|PH0PR01MB7492:EE_
X-MS-Office365-Filtering-Correlation-Id: a011958a-0198-476f-6a22-08dc2e48e396
x-ms-exchange-senderadcheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: Q37v5g8OueX55/6TLs6rzcHC5TvPnI3R6j5aNBZq7JLycQMB1ET0etageLHTddO70DCWWz8yH9jT9RAFpCbcIVfEBCL+7FjVQC++bLnvIIXr928VBvS3OL9IUsnA1iYFqf19O8Jf2yEC4AodijTSPLSlSgFZ+RWasgVETJjpkx7Aqt8byYBzGmfOAUcs9YwpgkHZIu74iO8K7bJTtJN0kQdS+E0kM6M0GZXMALNiPzl84YA3I2Kuoqt69ZHjNFQNmvM8TRHr+H9u5FEBEnBA4QoqajZ10P9JU6fbbcbi5akkaUIOtFYuGQkgIYXtuM0UaXEX+xuh/DMZLEOcZtNlvxvZ/tQAs9VyzNiM3qLwwJo01hG6QbTjNRtSBrAg9DXFRlu+ut2k86yJwqi3iM8esXBxRr6a82ZxD2ArPQFXStbFZ2UDQ4VfGicoo85sJ/lIS1cqpNimvQ0V2SlRjJQz4il5xoZ6Kp28BJ4BOqNfO7gmgnBUEG/v1knw5yGFBQy2OPqgvnl7l4HoDhWvnefkXVNLcm6Wz2SBjNF+rc/63kBkdUt+mULnPfmHMGbtDWYpq1MDnLT7U55jiQkSg++EddaGIX7AtZyy4lISUg6lkIyCxMt3ewLpq06yaTUOciWwPxYSPhhPg3Wgfo3ADAQBbQ==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM;
PTR:; CAT:NONE;
SFS:(13230031)(396003)(136003)(39860400002)(376002)(366004)(346002)(230473577357003)(230273577357003)(230922051799003)(451199024)(1800799012)(186009)(64100799003)(5660300002)(66899024)(52536014)(2906002)(76116006)(8936002)(66446008)(66476007)(64756008)(66946007)(66556008)(8676002)(33656002)(122000001)(86362001)(38070700009)(83380400001)(38100700002)(3613699003)(6506007)(53546011)(478600001)(110136005)(316002)(7696005)(966005)(9686003)(45080400002)(41300700001)(71200400001)(55016003)(26005);
DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: evlEeUXJA8jM+y7xou9u/4jl9jH3ne8T6rBsQzSckoV3U
2YJsD5inHpLpCXxD1fFOtm+JyeMttqrbfzKr8UOF3NzWT
qj7nuvN82HxqdtRaAJaJUtifgDwcu840G60oMxhEMU4j6
I55zG+tllomiYPbld8qgE0AeXLz+UFP+LjVUUDBFoy25C
SvSGiLZ7DkCQMwcaMels6XahjcAB1BGOcJ6UfUoXo/SgL
zTrGVIFLRkli/biv01M0cRTLDTickOrdum2L4LYNMvrsf
a4Sj9NHypQpNpPeOh6L1e1I58XeY1+ESnbznCqLH/plZQ
J1GhAUWlv7X1I1XPcBd3E+1GwMUwN/2VNcDY7l3K6tk1l
geT+R1lX684t9oUIYw5HyYESTMtDEvP6D9LrVQo1pqXu4
7tyMtRCRoSyPJrIguuYj3Bx0EVF35UqOGsBEaPG0PeRnk
4Tu9IIOkvkvhchhQAzRiEOOOteubhBVBJOvpIfYuSpTeg
ixWfX0hTWh4sEvPlPnUBue2zBY4Jc2azyBE/wTlowEhOk
KnD1vgRwHHWPPzWE4DDn1d0prMGGYt4WQ8rGyre/ozN9r
cZM8FN0ecJvjTWdjabVYGqxvZWhGGpjXpz0qJEVedbf2K
h12vqunfz2RfSMOOSUlqspJPlZjDFx60IbOgyJ3hptCDd
Y6eOTTvFod+454YVTXPo9KD8wIVNBKltJMmI9sYhHGh98
UifoGUPcIV7GD0zCFcGZJnVXxUk6zjZItiVLXEezteOfX
s1tTY7cIXsjxiYJT/hDoTUaNg8bksTm7QYHgy+zVbjw5V
3xeEM6CByvBU6aDpmfJLH5DweZA3ZyBv0jTm/VQ+s+L32
RbNNrmJ7+8NLwiAkCBrrmcrGpB8xS8sfH4GWpdlshBLHs
w8gO2r3ph3Kk28qJ1dud3WD905MpD7gQNd21sni8v5Bad
fqMxg1P/LivQPcHPqrIMDV/JMDJb1+NseOULUFoDyab+W
sYaECl7nQynhpr1s96eop6uiR2fkDHvwhviZSKW6KGDnJ
KeOzGxcbpuRf4RObPm/+uqJw5LBRXQ+/DkTLqnsporKO1
rXiw+M/NpQwdXPlvS510tSQ5jWoN2aWAQKxm0Y+/0g7b1
NC0y4V74Y/4j7cTkwV0l8RMsJ6r+BBhTCFypwJs9BeBQM
5Uw5YE+GIpFLeqk2BNC5MMRAHCGMwO363lf5bbOTKkWTM
3HFFWcBLFbfNa/B9J1jS2yR14wVdz4Z05oewIvRYPbw6P
crzKOMiFnJeRq+eVaHJpfJZbHkSDu5bRuJSiE1T/f9DMh
OPwLn9QpWhXrQfuCa9Jks1LIDH3iWtd6iellSQFUmG9R7
Zz27J3rSxV0ZyRKdnPOT1Z9dThZbGfKpb22Mw7mwQNSIJ
OXge1mBqYnxZAlxGOHbBZaDS/K+F2M6sZFYkr1oeefGLc
YZ62Wo8tAmoUfqpuLmTCdUw1oYwTO0qq30NyBK8/eUbHg
vIyMt1K5euS2B9IS3mEml7O/NMlIz9Duy/PBJi+8HPA7L
CXueAOGIGn+K3VWCT1FzKUlplDboup52BOUvKL3cYEMnk
2dDpdUObFmFa0UC6imUVIzNUFZOll1lmHD5ZJv3ybDWRc
Cg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YQXPR01MB5836
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: BL6PEPF0001AB54.namprd02.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: BL6PEPF0001AB54.namprd02.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 6142b428-60b4-4d49-2816-08dc2e48e264
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: d5HEzYUPWv2WvFCpQwUw5iRp1Tmmuclyt055zMftN0kAVARa0WKunwMNuZdmj+5FnmDc8RcdZKNwI6oWWAZ6NNHfr2mnhOFxU1YPz5OOTnwzZ5ja3u1anZvfghf9F9+nY3CmK55j1Zp0PHZgGjE8RWZe8RKyAo5eCi6vXruENcR62kiUhkyEVy8OoSlyFC8bxaL1+NowZ3qxhuP+cY0RA5/n+Inh8hh67somAH5gZbLF3taRU8VE9QQ4KAKWWtKV7q1ScO9ZaKRhzKf3wODu5haylP+sy7ETASA4hKKLaB349xuO20cvljEU9hvuaA0ILP4ulWvvZzFtFq6XV0bbfhzAwu5so0/1pY+LLKfK+k9hl0crYQLnulkxKCbs5rIXloNOJv6QnIwJ1E6wJzcqzoefFzGWQ9u/IXQpGwLFqZglMfo4lzbugK64LfA6BXXpzJMK0XBdRDRH0Knl/4W4y4dpNXINTvKjj+Uj8w8KoK58YmL7zZkguABZhSDiKFMmRRe+uomTVTdzaHwhiQnZkHKy5LISM2GhhcB5nsy7e8cT1FS83RjqrvraTWlryptQQEqwbpp/jZtKQMoWrPLA8qUD1eNpBujecScNnTiKtIhGGGLMSEB5Vp6i9G8B5UTSE3MILKyf4DGiqDihwbm8EPwvrGA6dS5RcDCa38EdB7rXg79cO4y1U4srcbMwrw7o
X-Forefront-Antispam-Report: CIP:40.107.116.91; CTRY:CA; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:CAN01-YQB-obe.outbound.protection.outlook.com;
PTR:mail-yqbcan01on2091.outbound.protection.outlook.com; CAT:NONE;
SFS:(13230031)(4636009)(346002)(136003)(39860400002)(376002)(396003)(230473577357003)(230273577357003)(48200799006)(451199024)(61400799015)(64100799003)(55016003)(2906002)(66899024)(5660300002)(83290400002)(83310400002)(26005)(83300400002)(83380400001)(83320400002)(336012)(83280400002)(3613699003)(8676002)(68406010)(786003)(316002)(52536014)(70586007)(33656002)(110136005)(7696005)(9686003)(6506007)(53546011)(966005)(356005)(7636003)(86362001)(498600001);
DIR:OUT; SFP:1102;
X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2024 17:09:36.9638 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a011958a-0198-476f-6a22-08dc2e48e396
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB54.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR01MB7492
X-MIME-Autoconverted: from base64 to 8bit by mailman.mit.edu id 41FH9d0e047761
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <YT1PR01MB41879A321B6419A0CCAEE830FA4D2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
X-Mailman-Original-References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
<YT1PR01MB418788B7045DF1E5B375143FFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
 by: Brent Kimberley - Thu, 15 Feb 2024 17:09 UTC

Ken.
The term Frame of Reference is a Cyber Physical system (CPS) term.

For those who work in the cyber subset, the term is "interface".

Regardless of what you call it.

You take the system diagram and evaluate using each major interface or Frame of Reference.

The STIG or CIS benchmark is just one of the interfaces evaluated.

-------------

>Minor comment the CIS Benchmark appears to have been written from the
>system administrator's frame of reference - not the network frame of
>reference (FoR). Typically, each frame of reference (FoR) needs to be
>audited. Hence the need for automation.

I can only say this:

- I've been doing Kerberos for a few decades (but I'm certainly not the
person with the most Kerberos experience on this list).
- I've done a ton of security accreditation work at my $DAYJOB, which
also involves Kerberos. As part of the accrediation work we (and
others) do automated scanning that includes the Kerberos servers
and this seems to satisfy the powers that be. Some of the scanning
seems to detect Kerberos but I am unclear how much it actually checks
for other than "Kerberos is found".
- I've used the aforementioned CIS Benchmark.
- I really have no clue what you mean by "frame of reference" in this
context, and this corresponds to no security accreditation or auditing
requirements I have ever encountered so I cannot provide any
suggestions; I'm really unclear what you are asking for.

--Ken

-----Original Message-----
From: Brent Kimberley
Sent: Wednesday, February 14, 2024 3:24 PM
To: Christopher D. Clausen <cclausen@acm.org>; kerberos@mit.edu
Subject: RE: Protocol benchmarking / auditing inquiry

Minor comment the CIS Benchmark appears to have been written from the system administrator's frame of reference - not the network frame of reference (FoR).
Typically, each frame of reference (FoR) needs to be audited. Hence the need for automation.

-----Original Message-----
From: Christopher D. Clausen <cclausen@acm.org>
Sent: Wednesday, February 14, 2024 2:10 PM
To: Brent Kimberley <Brent.Kimberley@Durham.ca>; kerberos@mit.edu
Subject: Re: Protocol benchmarking / auditing inquiry

[You don't often get email from cclausen@acm.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

I have used this as a guide, but I think MIT Kerberos version 1.10 is the latest available:
https://www.cisecurity.org/benchmark/mit_kerberos

Not sure if this is what you are looking for or not.

<<CDC

On 2/14/2024 11:46 AM, Brent Kimberley via Kerberos wrote:
> Preferably something smaller and more focused than nmap or OpenSCAP. 😉

> > >
> From: Brent Kimberley
> Sent: Wednesday, February 14, 2024 12:44 PM
> To: kerberos@mit.edu
> Subject: Protocol benchmarking / auditing inquiry
>
> Hi.
> Can anyone point me to some methods to benchmark and/or audit Kerberos v5?
>
> For example, SSH:
> Manual
> Read the RFCs and specs.
> Semi-automatic.
> jtesta/ssh-audit: SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) (github.com)<https://github.com/jtesta/ssh-audit/>
> Automatic
> SSH Configuration Auditor
> (ssh-audit.com)<http://ht/
> tps%3A%2F%2Fwww.ssh-audit.com%2F&data=05%7C02%7CBrent.Kimberley%40Durh
> am.ca%7C8eddde16708448e6cdb008dc2d907d49%7C52d7c9c2d54941b69b1f9da198d
> c3f16%7C0%7C0%7C638435345797172606%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4
> wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&s
> data=ydwY2y5%2FxuZxJavbNQw877yOmuFuVo3DktJr%2FdFA05A%3D&reserved=0>
>
>
> TLS example upon request.

THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor