subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From 1983-01...@gmx.net
Subject Re: RE: Proxy authentication with Negotiate uses wrong host
Date Thu, 25 Aug 2011 09:59:27 GMT
> On Wed, 2011-08-24 at 07:42 -0400, 1983-01-06@gmx.net wrote:
> > Are you refering to sole Kerberos or are you just concerned about
> > transport encryption? Your statement somewhat irritates me.
> > Given that the HTTP traffic cannot be securely wrapped into the GSS
> > content and nor the SASL QOP can be set (like for LDAP), I would
> > neglect that and still say TLS is not of your concern but of mine or
> > the users in general.
> 
> Any authentication-only mechanism used over an insecure channel is
> vulnerable to MITM attacks which preserve the authentication and change
> the data.  Of course, this applies to HTTP basic and digest over raw
> HTTP just as much as it does to negotiate, so perhaps it doesn't make
> sense to restrict negotiate auth to HTTPS only on this basis alone.
> 
> A further concern with HTTP negotiate is that it is scoped to the TCP
> connection and not to a single HTTP request.  Ignorant proxies may
> combine TCP connections for multiple users' requests and inadvertently
> authenticate one users' requests with anothers' credentials.  I may be
> wrong, but I believe this is the concern which leads implementations to
> restrict NTLM to HTTPS.  Switching from NTLM to Kerberos does not
> mitigate this concern at all.  If there are other vulnerabilities in
> NTLM which don't presuppose an MITM attack, perhaps I'm wrong.

Greg,

thanks for the insight. I will file a bug that the sole negotiate/kerberos and SSL restriction
should be removed because it is not enforced on basic and digest either.

Mike
-- 
NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!		
Jetzt informieren: http://www.gmx.net/de/go/freephone

Mime
View raw message