Re: discuss on draft-ietf-kink-kink-05.txt



In message <E19hjCx-000Gr9-PB@ran.psg.com>, Randy Bush writes:
>btw, though i was a long-time dog lover, and have some small
>understanding of ipsec, i am not qualified to judge if this
>really is a reasonable way to do this.  sure you can use the
>dog to do the key establishment.  but i don't understand the
>resultant vulnerability profile of the combination of krb
>for phase one and ike phase two.
>
>and does anybody really want to use this anyway?  are there
>still dog lovers out there?

Plenty of them -- Kerberos is integral to win2k.

But the real motive for kink is the cable modem industry -- there was a 
spot where they were very worried about central site performance from 
lots of public key operations, but it was centralized enough usage that 
Kerberos made sense.

		--Steve Bellovin, http://www.research.att.com/~smb