CERT statement

[Marc Horowitz]

>> Kerberos per se isn't sufficient to defend against session hijacking
>> attacks, you know. The situation in question is really insidious and
>> requires packet-by-packet cryptographic authentication.

No, but kerberos or something like it is necessary.  And I think I can
safely say that anything which really defends against TCP sequence
spoofing or hijacking attacks will be more invasive and require more
effort than kerberos, not less.

		Marc