I agree too, that PFS needs to be done via Kerberos itself. The good news is that I believe use of PK options of Kerberos with Diffie-Hellman certified keys gets us pretty close to PFS. (One would need to use both PKINIT for AS_REQs; and PKCROSS to exchange keys between the KDC and the server, instead of using a long term server symmetric secret key. It don't believe it is currently envisioned to use PKCROSS for KDC to server key exchange, only for cross realm KDC to KDC key exchange, but it doesn't seem all that hard to adopt PKCROSS for the task.)
> -----Original Message-----
> From: Jan Vilhuber [mailto:vilhuber@xxxxxxxxx]
> Sent: Friday, October 13, 2000 4:59 PM
> To: Michael Thomas
> Cc: Greg Troxel; ietf-kink@xxxxxxxx
> Subject: Re: lack of PFS considered harmful
>
>
> That paragraph sounds great to me. I second the motion ;)
>
> jan
>
>
> On Fri, 13 Oct 2000, Michael Thomas wrote:
>
> > Greg Troxel writes:
> > > Regarding:
> > >
> > > draft-ietf-kink-reqmt-00.txt
> > > draft-ietf-kink-kink-00.txt
> > >
> > > I am concerned about the lack of consideration for PFS.
> > > At a minimum this needs to be in the (currently blank) security
> > > considerations section.