Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)

To: Dan Stromberg <strombrg@hydra.acs.uci.edu>
Cc: Jean Pierre LeJacq <jplejacq@quoininc.com>, debian-devel@va.debian.org
Subject: Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)
From: Raul Miller <rdm@test.legislate.com>
Date: Fri, 13 Mar 1998 19:27:52 -0500
Message-id: <[🔎] 19980313192752.26342@hazel>
Mail-followup-to: Dan Stromberg <strombrg@hydra.acs.uci.edu>, Jean Pierre LeJacq <jplejacq@quoininc.com>, debian-devel@va.debian.org
In-reply-to: <[🔎] 3509CBD1.3B95@hydra.acs.uci.edu>; from Dan Stromberg on Fri, Mar 13, 1998 at 04:14:09PM -0800
References: <[🔎] 19980313081115.02822@hazel> <[🔎] m0yDV8M-000b9GC@mail.quoininc.com> <[🔎] 19980313094905.14097@hazel> <[🔎] 3509CBD1.3B95@hydra.acs.uci.edu>

Raul Miller <rdm@test.legislate.com> wrote:
> > IPsec provides authentication and encryption, but the issue is key
> > management. This isn't a minor issue: security derives from the security
> > of the key.

Dan Stromberg <strombrg@hydra.acs.uci.edu> wrote:
> ISAKMP/Oakley is a required part of IPv6, and is used for key management
> with IPSEC.
> 
> SKIP also provides key management I believe, but it is only an optional
> part of IPv6.

Yeah, I know, that's not the issue I was trying to point at.

All of these IPSEC mechanisms have a key context which corresponds
roughly to an ip session.  Kerberos has a key context which corresponds
roughly to a user session.  These are not equivalent.

For what it's worth, ssh provides a key context analogous to that
provided by IPSEC, but not quite the same.

-- 
Raul

--
E-mail the word "unsubscribe" to debian-devel-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to listmaster@lists.debian.org

Reply to:

References:
- Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)
  - From: Raul Miller <rdm@test.legislate.com>
- Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)
  - From: Jean Pierre LeJacq <jplejacq@quoininc.com>
- Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)
  - From: Raul Miller <rdm@test.legislate.com>
- Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)
  - From: Dan Stromberg <strombrg@hydra.acs.uci.edu>

Prev by Date: Re: ftp://koobera.math.uic.edu/www/qmail/dist.html]
Next by Date: lost package
Previous by thread: Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)
Next by thread: Re: Intent to package kth kerberos (krb4 or heimdal, not sure which)
Index(es):
- Date
- Thread