
Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)



Raul Miller wrote:
> 
> Jean Pierre LeJacq <jplejacq@quoininc.com> wrote:
> > This is a fundamental flaw with kerberos (and SSL and similar
> > systems). I believe that a better approach is to move encryption and
> > authentication down to the IP layer as is done with SKIP and IPsec.
> > ALL applications and protocols will then work without modification.
> 
> Er.. there's no reason not to use Kerberos and IPsec together.
> 
> Furthermore, I have some doubt about whether IPsec really addresses
> the issues of user authentication and privacy -- in many cases it
> seems more applicable to host and maybe application issues.
> 
> Also, SKIP, as far as I know, is an example of an early IPsec effort,
> and SSL does not address all the same issues.

IMO, once ipsec is deployed, kerberos (and to a lesser extent SSL and
ssh) will be a lot of dead weight - an annoying maintenance burden.

Even the -authors- of kerberos acknowledge that it's a bit of a hack
designed to work around some obnoxious patents - patents which will
expire in the near future (D-H's has already).

That said, ipsec isn't perfect.  EG, it probably won't help RPC
applications much.

