Abstract

The use of timestamps in key distribution protocols was suggested by Denning and Sacco [DS81]. Timestamps are now used in most production authentication services including Kerberos [SNS88]. Concerns have been raised about the security implications of this practice [Gon92]. Timestamps are necessary in authentication protocols that support multiple authentication without multiple requests to an authentication server. Kehne, SchSnwKlder, and Lan-gendSrfer [KSL92] have proposed a nonce-based protocol for multiple authentications that they claim improves upon the Kerberos protocol because it does not depend on the presence of synchronized clocks.