Kerberos

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>>>> "Narayanan," == Narayanan, Vidya <vidyan@xxxxxxxxxxxx> writes:
    Narayanan,> I fully agree. As far as I can tell, using EAP in this
    Narayanan,> manner merely reduces it to a posture transport
    Narayanan,> protocol. The level of security provided by EAPoUDP
    Narayanan,> does not seem to be any greater than a kerberos-based
    Narayanan,> authentication done today in most enterprise networks,
    Narayanan,> considering the presence of switched ethernet. Hence,
    Narayanan,> the only reason to move to EAPoUDP would be to check
    Narayanan,> posture and I agree with Sam that making EAP the
    Narayanan,> posture transport protocol is a bad idea.

Hey!
Speaking as MIT's manager for Kerberos, I'm insulted:-)

We certainly recommend and the Kerberos protocols I'm aware of almost
all support using Kerberos to actually key integrity protection or
confidentiality.  Use in enterprise networks for LDAP, SMTP, file
sharing all support and use binding of integrity or confidentiality.


We strongly discourage the use of Kerberos without integrity bound to
the authentication.

There are a number of cases where Kerberos is used in a manner similar
to radius/diameter, but that's really more for convenience to have
your passwords in one place than because you're making good use of
Kerberos.  You're not making bad use of Kerberos per se, but you
certainly could be providing a lot better security.

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]