> The MAC will check out only if the servers are using the same key.

That's not necessarily true. Since the ticket is not self-describing,
and there is no normative language relating to ticket construction, there
is no guarantee that implementations will put the MAC field in the same
place or use the same algorithm. This could be fixed by including a
globally and temporally unique ticket identifier, and mandating that the
MAC field be put at the end.

> It's certainly true that "implements all the MUSTs in the document"
> does not imply the system is secure, but that applies pretty much
> to any document (unless it says "the system MUST be secure" :-).

While it's certainly true that normative language doesn't guarantee
security, most specifications do use normative language, if only to pin
down some basic features of the specification. It is quite possible for
this specification to allow innovation along many dimensions, by
mandating a few critical items, enough to avoid interoperability problems,
and leaving the rest open.
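
An added illustration of the fix proposed above (not code from this thread or from any specification): a ticket that leads with an identifier and always ends with the MAC, so a receiving server can tell "not issued under an identifier I know" apart from "failed the MAC". The field lengths, HMAC-SHA256, the names `seal` and `check`, and the use of the identifier to select the MAC key are all assumptions made for the sketch.

```python
import hashlib
import hmac

ID_LEN = 16   # assumed length of the unique ticket identifier
MAC_LEN = 32  # HMAC-SHA256 tag; by rule it is always the last MAC_LEN bytes


def seal(ticket_id: bytes, mac_key: bytes, state: bytes) -> bytes:
    """Build ticket_id || state || MAC; the MAC covers every byte before it."""
    if len(ticket_id) != ID_LEN:
        raise ValueError("ticket identifier must be ID_LEN bytes")
    covered = ticket_id + state
    return covered + hmac.new(mac_key, covered, hashlib.sha256).digest()


def check(ticket: bytes, keys: dict) -> tuple:
    """Return (status, state). `keys` maps ticket identifier -> MAC key."""
    if len(ticket) < ID_LEN + MAC_LEN:
        return ("malformed", None)
    ticket_id = ticket[:ID_LEN]
    # The MAC position is fixed, so no implementation-specific layout
    # knowledge is needed to find it.
    covered, tag = ticket[:-MAC_LEN], ticket[-MAC_LEN:]
    mac_key = keys.get(ticket_id)
    if mac_key is None:
        # Issued under an identifier this server does not recognise.
        return ("unknown-id", None)
    expected = hmac.new(mac_key, covered, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return ("bad-mac", None)
    return ("ok", covered[ID_LEN:])


def demo() -> list:
    """Constructed sample: servers A and B share an identifier and key, C does not."""
    shared_id, shared_key = b"A" * ID_LEN, bytes(range(32))
    other_id, other_key = b"C" * ID_LEN, bytes(range(32, 64))
    ticket = seal(shared_id, shared_key, b"opaque session state")
    flipped = ticket[:ID_LEN] + bytes([ticket[ID_LEN] ^ 1]) + ticket[ID_LEN + 1:]
    return [
        check(ticket, {shared_id: shared_key})[0],   # server B, same key
        check(ticket, {other_id: other_key})[0],     # server C, different issuer
        check(flipped, {shared_id: shared_key})[0],  # one state bit altered
    ]


if __name__ == "__main__":
    print(demo())
```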