On Tue, Jun 26, 2018 at 08:53:57AM +0000, Hannes Tschofenig wrote: > Ben, > > I was wondering whether the situation is any different in Kerberos. If the > KDC creates tickets with a session key included then it needs to make sure > that it does not create the same symmetric key for different usages. > The key in the Kerberos ticket is similar to the PoP key in our discussion. > > Are we aware of key collision in Kerberos?
I don't believe key collision is an issue in Kerberos. Long-term keys (which are not what we're talking about here) are identified by a principal name, encryption type, and version number. Session keys that are contained within tickets (and returned to the client in the KDC-REP) are random, so even if we are only using the birthday bound we're still in pretty good shape. The modern enctypes tend to use subsession keys generated by the client and/or server as well as the KDC-generated session key, which provides further binding to the current session. Does that answer your question? -Ben _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace