HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 134

AS-REQ, AS-REP

Figure 53 – AS-REQ

Vista and the KDC both have the exact same key. Vista sends an AS-REQ that is basically saying “I want a TGT from the TGS.” It is also saying “I’m proving to the KDC that I’m Vista because I’m going to encrypt a timestamp with my secret key that only the KDC and I know”. If the AS verifies that the packet contents are correct, it will send a TGT over in the AS-REP packet shown in Figure 54 – AS-REP.

Figure 54 – AS-REP

Vista gets back the TGT, but it doesn’t know what is inside of it, since it doesn’t have a copy of the key that was used to encrypt it – the TGS key. Only the TGS has that key. The TGT is just an opaque blob to Vista. However, Vista can read the contents that were encrypted with its own key. This includes information about the “opaque blob” that is the TGT. Another important thing is that there is a new key that needs to be used anytime Vista wants to communicate to the TGS – the TGS/Vista
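The AS exchange described above, as an added simulation that is not part of the HP document or of any Kerberos implementation: the client proves key possession with an encrypted timestamp, the KDC checks it against a clock-skew window, and the reply carries a TGT the client cannot open plus a client-readable part holding the new TGS session key. The `seal`/`unseal` helpers are a toy HMAC-based authenticated-encryption stand-in for the Kerberos encryption types; names, key values and the 300-second skew are assumptions for illustration.

```python
import hashlib, hmac, json, os

MAX_SKEW = 300  # assumed clock-skew window; the KDC rejects pre-auth timestamps outside it

# Toy authenticated encryption (stand-in for a Kerberos enctype, not one of them):
# blob = nonce || ciphertext || HMAC-SHA256 tag over nonce||ciphertext.
def _stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, obj: dict) -> bytes:
    nonce = os.urandom(16)
    ct = _stream(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Decrypted dict, or None when the key is wrong (tag does not verify)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return json.loads(_stream(key, nonce, ct))

def build_as_req(cname: str, client_key: bytes, now: int) -> dict:
    # Pre-authentication: the client encrypts the current time under the key only it and the KDC share
    return {"cname": cname, "sname": "krbtgt", "padata": seal(client_key, {"ts": now})}

def kdc_handle_as_req(req: dict, client_keys: dict, tgs_key: bytes, now: int):
    """AS side: verify the timestamp, then issue a TGT under the TGS key and an enc-part under the client key."""
    client_key = client_keys.get(req["cname"])
    pa = unseal(client_key, req["padata"]) if client_key else None
    if pa is None or abs(now - pa["ts"]) > MAX_SKEW:
        return None  # unknown principal, wrong key, or stale/replayed timestamp: no ticket issued
    session_key = os.urandom(32).hex()  # fresh TGS/client session key
    tgt = seal(tgs_key, {"cname": req["cname"], "key": session_key, "authtime": now})
    enc_part = seal(client_key, {"key": session_key, "sname": "krbtgt", "authtime": now})
    return {"cname": req["cname"], "ticket": tgt, "enc_part": enc_part}

def client_process_as_rep(rep: dict, client_key: bytes) -> dict:
    """Client side: keep the opaque ticket, read only the part encrypted under its own key."""
    info = unseal(client_key, rep["enc_part"])
    return {"tgt": rep["ticket"],
            "tgs_session_key": info["key"],
            # True only if the client could open the TGT, which it must not be able to
            "tgt_readable": unseal(client_key, rep["ticket"]) is not None}
```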