On Wed, 2011-08-24 at 07:42 -0400, 1983-01...@gmx.net wrote:
> Are you referring to sole Kerberos or are you just concerned about
> transport encryption? Your statement somewhat irritates me.
> Given that the HTTP traffic cannot be securely wrapped into the GSS
> content and nor the SASL QOP can be set (like for LDAP), I would
> neglect that and still say TLS is not of your concern but of mine or
> the users in general.
Any authentication-only mechanism used over an insecure channel is vulnerable to MITM attacks which preserve the authentication and change the data. Of course, this applies to HTTP basic and digest over raw HTTP just as much as it does to negotiate, so perhaps it doesn't make sense to restrict negotiate auth to HTTPS only on this basis alone.

A further concern with HTTP negotiate is that it is scoped to the TCP connection and not to a single HTTP request. Ignorant proxies may combine TCP connections for multiple users' requests and inadvertently authenticate one user's requests with another's credentials. I may be wrong, but I believe this is the concern which leads implementations to restrict NTLM to HTTPS. Switching from NTLM to Kerberos does not mitigate this concern at all. If there are other vulnerabilities in NTLM which don't presuppose an MITM attack, perhaps I'm wrong.
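The connection-scoping problem described in the reply above, modelled as a small added example (not code from the thread or from any project discussed in it). The server classes, proxy classes, request fields and the "alice"/"bob" requests are all constructed here; the credential is simplified to the user name it proves, standing in for a completed Negotiate/NTLM handshake. The point it shows: with connection-scoped auth behind a proxy that pools client connections onto one upstream connection, an unauthenticated request from a second client is served as the first user, while per-request auth or a proxy that keeps one upstream connection per client (which is also what end-to-end TLS forces) does not exhibit the problem.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Request:
    """One HTTP request as seen by the proxy (constructed test data).
    client_conn identifies the client's TCP connection to the proxy;
    credential stands in for a completed auth handshake (simplified:
    the credential is just the user name it proves)."""
    client_conn: str
    path: str
    credential: Optional[str] = None


class ConnectionScopedServer:
    """Models Negotiate/NTLM behaviour: once the handshake succeeds on a TCP
    connection, every later request on that connection is attributed to the
    same principal, whether or not it carries a credential."""

    def __init__(self) -> None:
        self.principal_by_conn: Dict[str, str] = {}

    def handle(self, upstream_conn: str, req: Request) -> Tuple[int, Optional[str]]:
        if upstream_conn not in self.principal_by_conn:
            if req.credential is None:
                return 401, None          # no handshake yet on this connection
            self.principal_by_conn[upstream_conn] = req.credential
        return 200, self.principal_by_conn[upstream_conn]


class RequestScopedServer:
    """Auth bound to each request (e.g. a per-request token); the server
    keeps no per-connection authentication state."""

    def handle(self, upstream_conn: str, req: Request) -> Tuple[int, Optional[str]]:
        if req.credential is None:
            return 401, None
        return 200, req.credential


class PoolingProxy:
    """'Ignorant' proxy: multiplexes every client connection onto a single
    upstream connection, so upstream per-connection state is shared."""

    def __init__(self, server) -> None:
        self.server = server

    def forward(self, req: Request) -> Tuple[int, Optional[str]]:
        return self.server.handle("upstream-0", req)


class PerClientConnectionProxy:
    """Connection-aware proxy: one upstream connection per client connection.
    End-to-end TLS has the same effect, since the proxy cannot merge streams
    it cannot look into."""

    def __init__(self, server) -> None:
        self.server = server

    def forward(self, req: Request) -> Tuple[int, Optional[str]]:
        return self.server.handle("upstream-for-" + req.client_conn, req)


def run_scenario(proxy) -> Dict[str, Tuple[int, Optional[str]]]:
    """Alice authenticates on her client connection; Bob then sends an
    unauthenticated request on a different client connection.
    Returns (status, principal the request was served as) for each."""
    alice = Request(client_conn="client-A", path="/mail", credential="alice")
    bob = Request(client_conn="client-B", path="/mail")  # carries no credential
    return {"alice": proxy.forward(alice), "bob": proxy.forward(bob)}


if __name__ == "__main__":
    # Bob's request is served as alice only in the first configuration.
    print(run_scenario(PoolingProxy(ConnectionScopedServer())))
    print(run_scenario(PoolingProxy(RequestScopedServer())))
    print(run_scenario(PerClientConnectionProxy(ConnectionScopedServer())))
```

The model deliberately ignores the MITM-on-cleartext issue raised earlier in the reply; it isolates the second concern, that the authenticated identity lives on the TCP connection rather than on the request, which is why changing the mechanism inside the handshake (NTLM to Kerberos) leaves it untouched.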