Abstract

In a paper published in 1978 (Needham & Schroeder) we presented protocols for the use of encryption for authentication in large networks of computers. Subsequently the protocols were criticised (Denning and Sacco) on the grounds that compromise of a session key and copying of an authenticator would enable an enemy to pretend indefinitely to be the originator of a secure conversation. This note discusses a solution to the issue.