Re: lack of PFS considered harmful
Bill Sommerfeld writes:
> > The good news is that I believe use of PK options of Kerberos with
> > Diffie-Hellman certified keys gets us pretty close to PFS.
>
> "Pretty Close" and "Perfect" don't mix. Also, requiring changes to
> the Kerberos protocol or KDC to support KINK would be out of scope for
> this working group.
The point was that this is a more general issue
for Kerberos itself, and the better route would
be to take it up with that WG so that all
Kerberos applications would benefit.
> I still think the path of least resistance for KINK is to reuse as
> much of IKE as possible, just using Kerberos as an authentication
> method.
I believe there are already drafts which attempt to
do exactly that; that's not the goal of this WG
though. The main goal here is to leverage
Kerberos as a key exchange and authentication
mechanism. Grafting IKE key exchange or
authentication mechanisms into KINK sort of
misses the point.
Mike
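The exchange above turns on what "perfect" forward secrecy actually means: once a session key can be derived from long-term (certified) keys, any later compromise of those keys exposes every recorded session. The following is an added illustration, not code from this thread or from any KINK, Kerberos or IKE implementation. It models a static Diffie-Hellman exchange (both sides reuse certified DH keys) beside an ephemeral one, and shows that a passive recorder who later steals a long-term private key recovers the old session key only in the static case. The group parameters, function names and the transcript bytes are constructed for the example and are not taken from any specification.

```python
"""Toy model of forward secrecy: static (certified) DH vs ephemeral DH.

Added illustration only; nothing here comes from the KINK thread above or
from a real Kerberos/IKE implementation.
"""
import hashlib
import itertools
import secrets

# Toy group for illustration: a Mersenne prime with a small generator.
# Real deployments use a standardized group (e.g. RFC 3526 MODP groups).
P = 2**127 - 1
G = 3


def keygen(rng=secrets.randbelow):
    """Return (private, public) for the toy group. rng(n) yields an int in [0, n)."""
    priv = 2 + rng(P - 3)
    return priv, pow(G, priv, P)


def shared_secret(my_priv, peer_pub):
    return pow(peer_pub, my_priv, P)


def session_key(shared, transcript):
    """Derive a session key from the DH shared secret and the exchanged messages."""
    return hashlib.sha256(shared.to_bytes(16, "big") + transcript).digest()


def run_static_dh(alice_static, bob_static, transcript):
    """Both parties reuse long-term DH keys whose public halves are certified.

    Returns (session_key, wire_view), where wire_view is everything a passive
    recorder on the path would capture.
    """
    a_priv, a_pub = alice_static
    b_priv, b_pub = bob_static
    key = session_key(shared_secret(a_priv, b_pub), transcript)
    # Both sides agree on the key.
    assert key == session_key(shared_secret(b_priv, a_pub), transcript)
    return key, {"alice_pub": a_pub, "bob_pub": b_pub, "transcript": transcript}


def run_ephemeral_dh(transcript, rng=secrets.randbelow):
    """Fresh DH keys for this session only; the private halves are dropped
    after use. Long-term keys (not modelled) would merely sign the exchange.
    """
    a_priv, a_pub = keygen(rng)
    b_priv, b_pub = keygen(rng)
    key = session_key(shared_secret(a_priv, b_pub), transcript)
    del a_priv, b_priv  # discarded: nothing persistent can recreate the key
    return key, {"alice_pub": a_pub, "bob_pub": b_pub, "transcript": transcript}


def attacker_later_compromises(wire_view, leaked_long_term_priv):
    """Attacker recorded wire_view earlier and later steals Alice's long-term
    private key. Against static DH this reproduces the old session key;
    against ephemeral DH the long-term key was never a DH input, so it fails.
    """
    guess = shared_secret(leaked_long_term_priv, wire_view["bob_pub"])
    return session_key(guess, wire_view["transcript"])


if __name__ == "__main__":
    transcript = b"constructed transcript bytes"  # constructed sample input
    alice_lt = keygen()
    bob_lt = keygen()

    k_static, view_static = run_static_dh(alice_lt, bob_lt, transcript)
    print("static DH: key recovered after compromise ->",
          attacker_later_compromises(view_static, alice_lt[0]) == k_static)

    k_eph, view_eph = run_ephemeral_dh(transcript)
    print("ephemeral DH: key recovered after compromise ->",
          attacker_later_compromises(view_eph, alice_lt[0]) == k_eph)
```

The static case is what "pretty close to PFS" cannot fix: as long as the recorded public values plus a later-leaked private key reproduce the session key, the secrecy of that session is bounded by how long the long-term key stays secret.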