Bernard Aboba wrote:
If a client obtains a ticket from Server A, running software
version X, and then sends it to server B, running software
version Y, how is Server B supposed to figure out that it is the
wrong version?
This becomes a problem only if the servers are using the same key
to MAC the tickets. (If they're using different keys, the MAC
won't match anyway, and server B doesn't need to know what version
server A is using.)
But you're quite right, this could be a problem if one shares
the keys in heterogeneous environment, and the document should
probably warn about this.
Best regards,
Pasi
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf