Re: FYI: Plexus 2.1 is now available

Marc VanHeyningen (mvanheyn@cs.indiana.edu)
Tue, 25 May 1993 12:26:38 -0500


Thus wrote: Rob Raisch
>> > 1) Kerberos should normally be invisible to users; there should be a
>> > TGT whenever the user is logged in.
>> Yes, for a single realm. The problem is that with the Web you are reading
>> documents from all over (many possible realms). Are you going to require
>> that the user kinit in a shell window for each document at a different
>> site (possibly having to exit the browser each time for line-mode browsers
>> with no job control)?
>
> Well, this is the problem. The solution is not to use something like
>Kerberos to authenticate a user to a publisher, since Kerberos does not scale
>to the level we are going to need on the Global Internet.
>
> [much more stuff by many people about kerberos deleted]

The biggest problem I have with scaling kerberos to this level is the
amount to which trust also must be scaled. A high-level
authentication server which is responsible for providing
authentication for a lot of other servers would be responsible for a
lot of commercial traffic, and thus it's not difficult to imagine
circumstances in which it would be worth a very large amount of money
to compromise it. What agency/organization do you trust to be so free
of possible corruption and security breaches to guard these high-level
authentication servers that could govern hundreds of millions of
dollars in commercial traffic?

Someone correct me if I'm wrong, but I don't believe kerberos allows
for non-deniability of origin, which is exactly what is needed for this
kind of an application (i.e. publisher A needs to prove that request I
must have been sent from user B, and could not have been forged by
publisher A, even with the cooperation of authentication authority Q.
Otherwise they can do the electronic equivalent to forging your
signature on credit-card slips, and there's no way to prove whether
user B or publisher A is lying when they disclaim wrongdoing.)

For this kind of thing, I still think PEM is the way to go, as it will
be made interoperable with MIME (which HTTP already uses, a nontrivial
win) quite soon. (Unless, of course, things like electronic cash
actually start being available and used.) The only serious question
is whether the better stopgap is to use kerberos for the time being or
to use symmetric-key PEM until asymmetric becomes useful (which may
not be until the patents run out in a few years, sigh.)

(By the way, this is also going to the newsgroup. I generally am
hesitant to post to the mailing list because I'm really sick of bounce
messages.)

- Marc

--
Marc VanHeyningen   mvanheyn@cs.indiana.edu   MIME & RIPEM accepted

The cultural elite are neither! (Or at least they're certainly not the latter.)
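
Added example, not part of the original message: a sketch of the non-deniability point above, contrasting a shared-key tag (any key holder can compute it) with a public-key signature (the verifier holds no signing secret). A Lamport one-time hash-based signature stands in for the public-key signatures PEM would use; the request strings and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Shared-key model: user B, publisher A and authority Q all know the key.
def mac_tag(shared_key: bytes, request: bytes) -> bytes:
    return hmac.new(shared_key, request, hashlib.sha256).digest()

# Public-key model: Lamport one-time signature (each key pair signs ONE message).
def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[H(s0), H(s1)] for s0, s1 in sk]
    return sk, pk

def _bits(request: bytes):
    digest = H(request)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, request: bytes):
    # Reveal one secret per digest bit; only the holder of sk can do this.
    return [sk[i][b] for i, b in enumerate(_bits(request))]

def lamport_verify(pk, request: bytes, sig) -> bool:
    bits = _bits(request)
    return len(sig) == 256 and all(
        hmac.compare_digest(H(sig[i]), pk[i][bits[i]]) for i in range(256))

def compare_models():
    genuine = b"from=B; to=A; fetch=/journal/42; charge=5.00"     # constructed
    disputed = b"from=B; to=A; fetch=/journal/42; charge=500.00"  # constructed
    # Symmetric: a tag on the disputed request is identical whoever computes it,
    # so it cannot show an arbiter which key holder produced it.
    key = secrets.token_bytes(32)
    tag_from_b = mac_tag(key, disputed)
    tag_from_a = mac_tag(key, disputed)
    # Asymmetric: A holds only pk, which checks B's signature but gives A no
    # signing secret, so B's signature does not carry over to the disputed text.
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, genuine)
    return {
        "mac_identifies_sender": tag_from_a != tag_from_b,
        "signature_valid_on_genuine": lamport_verify(pk, genuine, sig),
        "signature_valid_on_disputed": lamport_verify(pk, disputed, sig),
    }
```

Calling compare_models() returns the three outcomes as booleans; a Lamport key pair must be discarded after one signature.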