5.6. KRB_SAFE Message Specification

This section specifies the format of a message that can be used by either side (client or server) of an application to send a tamper-proof message to its peer. It presumes that a session key has previously been exchanged (for example, by using the KRB_AP_REQ/KRB_AP_REP messages).

5.6.1. KRB_SAFE definition

The KRB_SAFE message contains user data along with a collision-proof checksum keyed with the last encryption key negotiated via subkeys, or with the session key if no negotiation has occurred. The message fields are as follows:

   KRB-SAFE        ::= [APPLICATION 20] SEQUENCE {
           pvno            [0] INTEGER (5),
           msg-type        [1] INTEGER (20),
           safe-body       [2] KRB-SAFE-BODY,
           cksum           [3] Checksum
   }

   KRB-SAFE-BODY   ::= SEQUENCE {
           user-data       [0] OCTET STRING,
           timestamp       [1] KerberosTime OPTIONAL,
           usec            [2] Microseconds OPTIONAL,
           seq-number      [3] UInt32 OPTIONAL,
           s-address       [4] HostAddress,
           r-address       [5] HostAddress OPTIONAL
   }

pvno and msg-type

These fields are described above in Section 5.4.1. msg-type is KRB_SAFE.

safe-body

This field is a placeholder for the body of the KRB-SAFE message.

cksum

This field contains the checksum of the application data, computed with a key usage value of 15.

The checksum is computed over the encoding of the KRB-SAFE sequence. First, the cksum is set to a type zero, zero-length value, and the checksum is computed over the encoding of the KRB-SAFE sequence. Then the checksum is set to the result of that computation. Finally, the KRB-SAFE sequence is encoded again. This method, although different than the one specified in RFC 1510, corresponds to existing practice.

user-data

This field is part of the KRB_SAFE and KRB_PRIV messages, and contains the application-specific data that is being passed from the sender to the recipient.

timestamp

This field is part of the KRB_SAFE and KRB_PRIV messages. Its contents are the current time as known by the sender of the message. By checking the timestamp, the recipient of the message is able to make sure that it was recently generated, and is not a replay.

usec

This field is part of the KRB_SAFE and KRB_PRIV headers. It contains the microsecond part of the timestamp.

seq-number

This field is described above in Section 5.3.2.

s-address

Sender's address.

This field specifies the address in use by the sender of the message.

r-address

This field specifies the address in use by the recipient of the message. It MAY be omitted for some uses (such as broadcast protocols), but the recipient MAY arbitrarily reject such messages. This field, along with s-address, can be used to help detect messages that have been incorrectly or maliciously delivered to the wrong recipient.
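
The two-pass checksum procedure described under cksum, as an added example that is not part of the specification text: a minimal DER encoder builds the KRB-SAFE with a type-zero, zero-length cksum, computes the keyed checksum over that encoding, then encodes the sequence again with the result. Assumptions: demo_mac (HMAC-SHA-256) and cksumtype -1 are stand-ins rather than RFC 3961 checksum types, the key, payload and address are constructed, and all helper names are hypothetical.

```python
import hashlib
import hmac

KEY_USAGE = 15        # key usage for the KRB-SAFE cksum, from the text above
DEMO_CKSUMTYPE = -1   # constructed placeholder, not a registered checksum type

def tlv(tag, content):
    """DER tag-length-value with short or long definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content

def integer(v):  # minimal two's-complement DER INTEGER
    size = (v if v >= 0 else ~v).bit_length() // 8 + 1
    return tlv(0x02, v.to_bytes(size, "big", signed=True))

def ctx(n, content):  # explicit context tag [n]
    return tlv(0xA0 | n, content)

def checksum(cksumtype, value):
    return tlv(0x30, ctx(0, integer(cksumtype)) + ctx(1, tlv(0x04, value)))

def safe_body(user_data, seq_number, ipv4):
    s_address = tlv(0x30, ctx(0, integer(2)) + ctx(1, tlv(0x04, ipv4)))  # addr-type 2 = IPv4
    return tlv(0x30, ctx(0, tlv(0x04, user_data)) + ctx(3, integer(seq_number)) + ctx(4, s_address))

def krb_safe(body, cksum):
    fields = ctx(0, integer(5)) + ctx(1, integer(20)) + ctx(2, body) + ctx(3, cksum)
    return tlv(0x74, tlv(0x30, fields))  # [APPLICATION 20] SEQUENCE

def demo_mac(key, data):
    # Stand-in keyed checksum: HMAC-SHA-256 over usage || data, NOT an RFC 3961 type
    return hmac.new(key, KEY_USAGE.to_bytes(4, "big") + data, hashlib.sha256).digest()

def seal(key, body):
    zeroed = krb_safe(body, checksum(0, b""))  # pass 1: type zero, zero-length cksum
    return krb_safe(body, checksum(DEMO_CKSUMTYPE, demo_mac(key, zeroed)))  # pass 2

def verify(key, body, received_value):
    # Receiver (after decoding) rebuilds the zeroed encoding and recomputes
    expected = demo_mac(key, krb_safe(body, checksum(0, b"")))
    return hmac.compare_digest(expected, received_value)

# Constructed sample input: key, payload, sequence number, IPv4 sender address
KEY = bytes(range(16))
BODY = safe_body(b"transfer 100", 7, bytes([192, 0, 2, 10]))
MSG = seal(KEY, BODY)
```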