[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jabber-security-jig
Subject:    Re: Re: [secure-jabber] How to use the kerberos for www security?
From:       leon fan <leon () ri ! gdt ! com ! cn>
Date:       1999-07-26 0:59:07
[Download RAW message or body]

Thanks a lot, thanks for you advice that using kerberos must synchroniz the time.

I also want to know whether ssl or shttp can cooperate with kerberos or gssapi and  \
there is a simple protocol such as  "gssapi for http"(It is proposed as a internet \
draft in 1996, and not come to rfc, why?, and I can't find this draft now.) And also \
I want to know SEA (A Security Extension Architecture for HTTP/1.x) as a w3c 's \
working draft not become a rfc,why?

In a word, I am look for a simple protocol can improve www's \
security(authentication,encryption,integrity etc.) by kerberos or gssapi in message \
or stream style.  
   


> On Sun, Jul 25, 1999 at 03:28:16PM +0800, leon fan wrote:
> > Received: from lor.jeremie.com (localhost [127.0.0.1])
> > 	by lor.jeremie.com (8.9.3/8.9.3) with ESMTP id CAA05450;
> > 	Tue, 25 Jul 2000 02:33:44 -0500
> > Received: from ri_mailserver.ri.gdt.com.cn ([202.106.68.226])
> > 	by lor.jeremie.com (8.9.3/8.9.3) with ESMTP id CAA05433
> > 	for <Security@jabber.org>; Tue, 25 Jul 2000 02:33:38 -0500
> > Received: from ·¶½¨¹ú ([172.18.94.118])
> > by ri_mailserver.ri.gdt.com.cn (Lotus Domino Release 5.0.2b (Intl))
> > with SMTP id 2000072515301546:64 ;
> vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
> > Tue, 25 Jul 2000 15:30:15 +0800 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
> > Date: Sun, 25 Jul 1999 15:28:16 +0800
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > From: leon fan <leon@ri.gdt.com.cn>
> > To: "Security@jabber.org" <Security@jabber.org>
> > X-mailer: FoxMail 3.0 beta 2 [cn]
> > Mime-Version: 1.0
> > X-MIMETrack: Itemize by SMTP Server on ri_mailserver/gdt(Release 5.0.2b (Intl)|16
> > December 1999) at 2000-07-25 03:30:15 PM,
> > 	Serialize by Router on ri_mailserver/gdt(Release 5.0.2b (Intl)|16 December
> > 1999) at 2000-07-25 03:31:09 PM,
> > 	Serialize complete at 2000-07-25 03:31:09 PM
> > Message-ID: <OF870C366B.295C1046-ON48256927.002938F9@ri.gdt.com.cn>
> > Content-Type: text/plain; charset="us-ascii"
> > Subject: [secure-jabber] How to use the kerberos for www security?
> > 
> 
> Ironically, having the proper time on all of your machines is considered
> an important security matter.  (Synchronizing log timestamps during an
> attack, for example.)  Additionally, some protocols will not connect if
> the times are not within a minute of one another, for similar reasons.
> (I suspect this behaviour will become increasingly common in the future.)
> 
> You may want to adjust your clock and then install an NTP v4 daemon
> (or xntpd3) to keep synchronized with three (or so) public time servers.
> 
> Best of luck.
> 
> -- 
> Please (OpenPGP) encrypt all mail whenever possible. Request the following
> Public Keys for Lazarus Long <lazarus@overdue.dhis.net>
> 
> Type    Bits/KeyID    Fingerprint                   DSA KeyID: vvvv vvvv
> ElGamal: 2048g/92F6493B 2C55 E967 278B 4E8B D25B  F5F3 352B 9B0E 32C3 3BA4


[prev in list] [next in list] [prev in thread] [next in thread]