
Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)




On Fri, 13 Mar 1998, Raul Miller wrote:

> IPsec provides authentication and encryption, but the issue is key
> management. This isn't a minor issue: security derives from the security
> of the key.
> 
> Kerberos manages keys by providing a central point of control (for
> multiple machines -- which must all be configured to respect that point
> of control). IPsec is much more scalable but doesn't really address user
> or application layer concepts.
> 
> I've been presuming that Kerberos could be used to manage IPsec keys.
> This might not be true, I'll have to go study for a bit.

I'm not sure about Kerberos, but Sun is pushing SKIP for key
management with IPSec.

> > > Furthermore, I have some doubt about whether IPsec really addresses
> > > the issues of user authentication and privacy -- in many cases it
> > > seems more applicable to host and maybe application issues.
> 
> > Not so.  It's a network security protocol.
> 
> How does a user authenticate herself with SKIP?

Not sure.  I haven't gotten into the details yet.

> Finally, I think that an easy "plug in and configure" version of
> Kerberos would require much of kerberos to go into the kernel, pam
> support, and a bit of design work. But maybe that's not all that
> relevant to this discussion. [Note that I expect we're going to have to
> have some kind of support for Kerberos of some kind because it's being
> built into some mass market products -- but maybe that work should be
> left to the people that need to interoperate with those products?]

I agree in general.  A further complication is that there are at least
two versions (4 and 5) of Kerberos being used which I believe are
incompatible.

-- 
Jean Pierre


