Re: discuss on draft-ietf-kink-kink-05.txt
In message <E19hjCx-000Gr9-PB@ran.psg.com>, Randy Bush writes:
>btw, though i was a long-time dog lover, and have some small
>understanding of ipsec, i am not qualified to judge if this
>really is a reasonable way to do this. sure you can use the
>dog to do the key establishment. but i don't understand the
>resultant vulnerability profile of the combination of krb
>for phase one and ike phase two.
>
>and does anybody really want to use this anyway? are there
>still dog lovers out there?
Plenty of them -- Kerberos is integral to win2k.
But the real motive for kink is the cable modem industry -- there was a
spot where they were very worried about central site performance from
lots of public key operations, but it was centralized enough usage that
Kerberos made sense.
--Steve Bellovin, http://www.research.att.com/~smb