Grant Taylor <gtay...@tnetconsulting.net> writes: > On 01/07/2019 10:53 AM, Russ Allbery wrote:
>> The standard solution for this is FAST, which protects the initial >> authentication against this attack. (You do need some other credential >> to set up the FAST tunnel, but you can use anonymous Diffie-Hellman via >> anonymous PKINIT, or you can use a randomized key.) > Would you please expand (what I assume is) the FAST acronym? I expect > that there will be quite a few phonetic collisions searching for "FAST". I think it stands for Flexible and Secure Tunneling. It's defined in: https://tools.ietf.org/html/rfc6113.html The keywords "kerberos fast" in Google seem to turn up the right stuff (rather more than I had expected; I like you was expecting that to be drowned by performance stuff). -- Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos