
Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)



On Fri, 13 Mar 1998, Raul Miller wrote:

> Jean Pierre LeJacq <jplejacq@quoininc.com> wrote:
> > This is a fundamental flaw with kerberos (and SSL and similar
> > systems). I believe that a better approach is to move encryption and
> > authentication down to the IP layer as is done with SKIP and IPsec.
> > ALL applications and protocols will then work without modification.
> 
> Er.. there's no reason not to use Kerberos and IPsec together.

I'm not particularly familiar with IPsec but SKIP provides
authentication.  True, you could use Kerberos but it would be
redundant.  Not to say that Kerberos wouldn't be nice to have in
Debian but, as you mentioned earlier, it would require patching all
network applications.

> Furthermore, I have some doubt about whether IPsec really addresses
> the issues of user authentication and privacy -- in many cases it
> seems more applicable to host and maybe application issues.

Not so.  It's a network security protocol.

> Also, SKIP, as far as I know, is an example of an early IPsec effort,
> and SSL does not address all the same issues.

Not so.  SKIP is a competitor for ISAKMP which is part of IPSec.  That
is the major disadvantage of SKIP; IETF has selected ISAKMP for
standardization.  However, there are few if any implementations of
ISAKMP and none that I know of for Linux.  Anyone have pointers here?
SKIP is available now for many platforms and it seems to be getting
industry backing.

> Raul, wondering about the implications of a Kerberos and ssh combo.

SKIP is very much like ssh except all the work is done at the IP level
and all protocols get the benefit of encryption/authentication.

-- 
Jean Pierre


