Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)
Raul Miller <firstname.lastname@example.org> wrote:
> > IPsec provides authentication and encryption, but the issue is key
> > management. This isn't a minor issue: security derives from the security
> > of the key.
Dan Stromberg <email@example.com> wrote:
> ISAKMP/Oakley is a required part of IPv6, and is used for key management
> with IPSEC.
> SKIP also provides key management I believe, but it is only an optional
> part of IPv6.
Yeah, I know, that's not the issue I was trying to point at.
All of these IPSEC mechanisms have a key context which corresponds
roughly to an ip session. Kerberos has a key context which corresponds
roughly to a user session. These are not equivalent.
For what it's worth, ssh provides a key context analogous to that
provided by IPSEC, but not quite the same.
E-mail the word "unsubscribe" to firstname.lastname@example.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to email@example.com