[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: alternative to user-to-user Kerberos in KINK

To: "Medvinsky, Sasha (SD-EX)" <SMedvinsky@xxxxxx>
Subject: Re: alternative to user-to-user Kerberos in KINK
From: Bill Sommerfeld <sommerfeld@xxxxxxxxxxxx>
Date: Mon, 20 Nov 2000 14:05:43 -0500
Cc: "'Derek Atkins'" <warlord@xxxxxxx>, "'Michael Thomas'" <mat@xxxxxxxxx>, "'ietf-kink@xxxxxxxx'" <ietf-kink@xxxxxxxx>
In-reply-to: Your message of "Mon, 20 Nov 2000 13:58:29 EST." <>
List-archive: <http://www.vpnc.org/ietf-kink/mail-archive/>
List-id: <ietf-kink.vpnc.org>
List-unsubscribe: <mailto:ietf-kink-request@vpnc.org?body=unsubscribe>
Reply-to: sommerfeld@xxxxxxxxxxxx
Sender: owner-ietf-kink@xxxxxxxxxxxxx

> KINK is a peer-to-peer protocol, 

yes

> but Kerberos is not.  

kerberos is a 3-party protocol involving a KDC and two principals.

All principals in possession of their long term key can trivially do
peer-to-peer authentication.  the user-to-user extension in kerberos
v5 also lets "clients" which only have a TGT do peer-to-peer
authentication without posession of the long-term key.

					- Bill

References:
- RE: alternative to user-to-user Kerberos in KINK
  - From: Medvinsky, Sasha (SD-EX)

Prev by Date: RE: alternative to user-to-user Kerberos in KINK
Next by Date: RE: alternative to user-to-user Kerberos in KINK
Previous by thread: RE: alternative to user-to-user Kerberos in KINK
Next by thread: Re: alternative to user-to-user Kerberos in KINK
Index(es):
- Date
- Thread