Re: alternative to user-to-user Kerberos in KINK
Bill Sommerfeld writes:
> > Agreed. I measure it in terms of added complexity WITHIN the same protocol. A
> > new enrollment protocol may be somewhat complex, but this complexity is
> > orthogonal to KINK, thus making KINK easier to analyze for security. Adding
> > more exchanges for corner-cases certainly doesn't help people analyze it for
> > weaknesses.
>
> true. i've suggested on numerous occasions that KINK should avoid
> this problem by always using user-to-user.
User-User pretty much forces the normal create
SA case to be a two round trip affair. One of
the goals here is to reduce keying latency, and
cutting out round trips is an obvious means to
that goal.
Mike