On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote: > There have been some conversations behind Red Hat doors about > improving the state of Kerberos/TLS in both standards and > implementations. Could we maybe have a broader conversation about how > to fix this situation? To be blunt, if you want better Kerberos support in TLS, the fix is to expand the TLS WG charter to explore new directions in TLS Kerberos support. Given all the current efforts on 1.3, this is not going to happen for quite some time. There's nothing that can be done in just OpenSSL, and the right immediate action is to drop support for the obsolete protocol. [ FWIW, Nico concurs. ] -- Viktor.
