1995-10-02 - Re: Kerberos

Header Data

From: Rich Salz <rsalz@osf.org>
To: cypherpunks@toad.com
Message Hash: a9efb820e256b60fd60dfdc22d7c2fd10d1c0c37ea39cc2df0f26769f7f18671
Message ID: <9510020033.AA08263@sulphur.osf.org>
Reply To: N/A
UTC Datetime: 1995-10-02 00:33:58 UTC
Raw Date: Sun, 1 Oct 95 17:33:58 PDT

Raw message

From: Rich Salz <rsalz@osf.org>
Date: Sun, 1 Oct 95 17:33:58 PDT
To: cypherpunks@toad.com
Subject: Re: Kerberos
Message-ID: <9510020033.AA08263@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>From: "David J. Bianco" <bianco@itribe.net>
Date: Sun, 24 Sep 1995 16:32:30 -0400

>The Open Software Foundation's Distributed Computing Environment has the
>concept of a central security registry (which is currently based on
>Kerberos).  I haven't delved too deeply into them, but the OSF website has
>some DCE RFCs about adding public key capabilities to the registry.  They
>should be off the OSF home page somewhere at <http://www.osf.org>.

Sort of.  The DCE registry isn't really based on Kerberos.  Rather, DCE
uses Kerberos code to do its private-key stuff.  We're planning on adding
the ability to use public key to get initial tickets to the security server.
Outside of integration with other security domains, this means that the
security server no longer needs to store everyone's private key, reducing
exposure if it's been cracked.

If anyone wants more details on how current or planned DCE security,
drop me a line.  Perhaps some of the other folks on this list who also know
about it will speak up, too.
	/r$, DCE whipping boy





Thread