[10] in WWW Security List Archive
[Lei_Tang@GS59.SP.CS.CMU.EDU: Re: Kerberos authentication for X-Mosaic 2.4 and NCSA HTTPD]
daemon@ATHENA.MIT.EDU (yandros@MIT.EDU)
Fri Aug 12 14:45:00 1994
From: yandros@MIT.EDU
Date: Fri, 12 Aug 1994 14:44:57 +0500
To: www-security.discuss@charon.LOCAL
From: Lei_Tang@GS59.SP.CS.CMU.EDU
To: Doug Rosenthal <rosenthl@mcc.com>
Cc: Lei_Tang@gs59.sp.cs.cmu.edu, www-security@ns1.rutgers.edu
Subject: Re: Kerberos authentication for X-Mosaic 2.4 and NCSA HTTPD
In-Reply-To: Your message of "Fri, 12 Aug 94 11:06:00 CDT."
<9408121606.AA20604@krypton.mcc.com>
Date: Fri, 12 Aug 94 12:34:31 -0400
>If the server and the client are in the same realm(kerberos name),
>it is OK since the TGS knows the secret key of the server. But if the
>client and the server are not in the same realm(that is the most often
>case in Internet), the server must share some secret with TGS to
>gurantee privacy and integrity.
>>Actually, the two *realms* must share a key (in v4, or have
>>hierarchical realms with v5), to enable cross-realm authentication.
In my opinion, the server side does not necessary has a kerberos server.
If the server does not have kerberos server is his realm, he can register
a key the the TGS of the client's realm to do authentication. So cross-realm auth
is not necessay. If the server does have kerberos server, they can so cross
realm auth in case that the two realm share some secret.
> Personally, I do not think the on-line service is good because the
>on-line certifcate server is a bottleneck and hence affect the scalability of
>the system since the system is indended for Internet community.
>Also on-line certificate increasing the cost of charging.
(for example, credit card company uses on-line certificate server.
guess what is the cost for using VISA card: $3/per transaction, this number
was from some guy working for VISA, while the cost for check transaction
is 50-60 cents /per transaction.) But the main problem is scalability.
Also you have to think about fault tolerance, what happens if the
on-line service crash? ......
--ltang
>>The certificate service technology would need to support distributed,
>>replicated servers, time-to-live on certificate validation, etc. to
>>deal with scalability, efficiency, etc. There are known solutions to
>>these problems, i.e. scaling in large distributed systems. For
>>example, hierarchical Kerberos realms, the DNS, X.500 directory.
There are two most used ways to improve the scalabilty and availabilty of the
distributed system: caching and replication. (for example, Andrew file system,
whole file caching, coda file system caching and replication).
For financial transaction, caching is not good for security reason.
SO the only choice is replication. But how can you make the replication
secure. How can you make sure some copy is the real replication, not a bogus one,
this introduce a new security problem! By the way, is the hierarchical
kerberos realms widely used? If it is widely used, the authentication
prolem in Internet can be solved. What about the trust cascade problem:
If A trusts B, B trusts C, does this means A trusts C. kerberos cross-realm
assume that!
--ltang
