Why are timestamps used in the Kerberos protocol?
Assume that Alice shares a secret s with her company's server computer. When Alice is on a trip, she tries to store an important message in the CEO's account directory. This message needn't be encrypted since confidentiality is not important here, but the CEO needs to be guaranteed that the message really is from someone who knows the secret s (e.g. Alice) when the CEO opens his/her computer the next day. A naïve protocol to achieve this may look like this:
Alice-->Server: "This is Alice, I have an important message to forward to the CEO"
Server-->Alice: "OK, please encrypt R" (where R is a random nonce)
Alice-->Server: "Es(R)" (that is, R is encrypted with the secret s)
Server-->Alice: "Please send the message"
Alice-->Server: "The CEO needs to attend a meeting in Liverpool on May 1, 2006"
The server stores this message in the CEO's directory
Is this protocol secure? If not, how do you feel it could be modified to make it so?