[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)

Raul Miller <rdm@test.legislate.com> wrote:
> > IPsec provides authentication and encryption, but the issue is key
> > management. This isn't a minor issue: security derives from the security
> > of the key.

Dan Stromberg <strombrg@hydra.acs.uci.edu> wrote:
> ISAKMP/Oakley is a required part of IPv6, and is used for key management
> with IPSEC.
> SKIP also provides key management I believe, but it is only an optional
> part of IPv6.

Yeah, I know, that's not the issue I was trying to point at.

All of these IPSEC mechanisms have a key context which corresponds
roughly to an ip session.  Kerberos has a key context which corresponds
roughly to a user session.  These are not equivalent.

For what it's worth, ssh provides a key context analogous to that
provided by IPSEC, but not quite the same.


E-mail the word "unsubscribe" to debian-devel-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to listmaster@lists.debian.org

Reply to: