[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: alternative to user-to-user Kerberos in KINK

To: Jan Vilhuber <vilhuber@xxxxxxxxx>
Subject: Re: alternative to user-to-user Kerberos in KINK
From: Bill Sommerfeld <sommerfeld@xxxxxxxxxxxx>
Date: Mon, 20 Nov 2000 16:38:42 -0500
Cc: Bill Sommerfeld <sommerfeld@xxxxxxxxxxxx>, "Medvinsky, Sasha (SD-EX)" <SMedvinsky@xxxxxx>, Derek Atkins <warlord@xxxxxxx>, "'Michael Thomas'" <mat@xxxxxxxxx>, "'ietf-kink@xxxxxxxx'" <ietf-kink@xxxxxxxx>
In-reply-to: Your message of "Mon, 20 Nov 2000 13:31:15 PST." <>
List-archive: <http://www.vpnc.org/ietf-kink/mail-archive/>
List-id: <ietf-kink.vpnc.org>
List-unsubscribe: <mailto:ietf-kink-request@vpnc.org?body=unsubscribe>
Reply-to: sommerfeld@xxxxxxxxxxxx
Sender: owner-ietf-kink@xxxxxxxxxxxxx

> Agreed. I measure it in terms of added complexity WITHIN the same protocol. A
> new enrollment protocol may be somewhat complex, but this complexity is
> orthogonal to KINK, thus making KINK easier to analyze for security. Adding
> more exchanges for corner-cases certainly doesn't help people analyze it for
> weaknesses.

true.  i've suggested on numerous occasions that KINK should avoid
this problem by always using user-to-user.

					- Bill

Follow-Ups:
- Re: alternative to user-to-user Kerberos in KINK
  - From: Michael Thomas
- Re: alternative to user-to-user Kerberos in KINK
  - From: Jan Vilhuber

References:
- Re: alternative to user-to-user Kerberos in KINK
  - From: Jan Vilhuber

Prev by Date: Re: alternative to user-to-user Kerberos in KINK
Next by Date: Re: alternative to user-to-user Kerberos in KINK
Previous by thread: Re: alternative to user-to-user Kerberos in KINK
Next by thread: Re: alternative to user-to-user Kerberos in KINK
Index(es):
- Date
- Thread