[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: alternative to user-to-user Kerberos in KINK
Bill Sommerfeld writes:
> > Agreed. I measure it in terms of added complexity WITHIN the same protocol. A
> > new enrollment protocol may be somewhat complex, but this complexity is
> > orthogonal to KINK, thus making KINK easier to analyze for security. Adding
> > more exchanges for corner-cases certainly doesn't help people analyze it for
> > weaknesses.
> true. i've suggested on numerous occasions that KINK should avoid
> this problem by always using user-to-user.
User-User pretty much forces the normal create
SA case to be a two round trip affair. One of
the goals here is to reduce keying latency, and
cutting out round trips is an obvious means to