And we could go even further: certificates. The DCE-PKI RFC 68.4 takes Kerberos to a new level: certificate-granting-certificates. This RFC specifies the extension of DCE (particularly the Kerberos part) to include certificate capabilities. I'd provide the URL to the RFC, but it seems to have vanished from all the usual sites... On Mon, 19 Apr 1999, Trevor Schroeder wrote: > It seems to me that a lot of this could be avoided using tickets similar to > Kerberos. We have a trusted third party (TTP) that receives your > credentials once and returns a ticket for a set of services with a given > lifetime. This ticket is good only within a certain context (certain > services, servers, clients, times, dates, you name it and it can be rolled > into the ticket). That way if the ticket is compromised, it is of limited > use (versus a full blown password with may be useful in other contexts.) Daniel Alex Finkelstein New Technologies phone 212-383-2951 pager 917-427-1630 fax 212-383-3289 Securities Industry Automation Corporation
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:58 PDT