
Re: Confusion over MIT/Heimdal compatibility



Howard Chu wrote:
You might argue that the MIT approach is more correct, but I would
say that it's highly inconsistent, and inconsistency is highly
undesirable in a security mechanism. For instance, by your
thinking, if you decide that security contexts must all be
invalidated whenever and wherever they are changed, then you also
need to close all connections whenever somebody changes their
password, because any sessions established with the old password
must now be considered invalid.

Not at all. My password has no role in protecting that connection once it has been established.

No, but it allowed you to establish the connection in the first place. As such, by your logic, changing it should invalidate the connection.



Sorry, but this is rubbish. By your logic, if one joins a conspirative gathering using a secret password and then is told that in future there is a new secret passphrase, he would then be required to leave the room again and reenter it using the new passphrase. There is absolutely no security value in this, just a small entertainment value perhaps.


Reestablishing expired encryption keys clearly has a security value, due to brute force issues on current connection keys.

But if somebody has brute-forced your initial shared secret to establish the connection and you have changed it in the meantime, he will not be any more able to establish a connection if you keep that old connection.

Bye
Tim