Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)
Raul Miller <rdm@test.legislate.com> wrote:
> > IPsec provides authentication and encryption, but the issue is key
> > management. This isn't a minor issue: security derives from the security
> > of the key.
Dan Stromberg <strombrg@hydra.acs.uci.edu> wrote:
> ISAKMP/Oakley is a required part of IPv6, and is used for key management
> with IPSEC.
>
> SKIP also provides key management I believe, but it is only an optional
> part of IPv6.
Yeah, I know, that's not the issue I was trying to point at.
All of these IPSEC mechanisms have a key context which corresponds
roughly to an ip session. Kerberos has a key context which corresponds
roughly to a user session. These are not equivalent.
For what it's worth, ssh provides a key context analogous to that
provided by IPSEC, but not quite the same.
--
Raul
--
E-mail the word "unsubscribe" to debian-devel-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to listmaster@lists.debian.org
Reply to: