[35988] in Kerberos
Re: Distributed Kerberos5? Fwd: NSA backdoor risks in Kerberos
daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Apr 2 16:35:45 2014
From: Russ Allbery <eagle@eyrie.org>
To: Wang Shouhua <shouhuaw@gmail.com>
In-Reply-To: <CANzOW++FGZiOq+-PswdW_GBv7nUV7mjzLRwdzr_QhX9T3+mEGg@mail.gmail.com>
(Wang Shouhua's message of "Wed, 2 Apr 2014 21:52:29 +0200")
Date: Wed, 02 Apr 2014 13:35:28 -0700
Message-ID: <87eh1fxyen.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Wang Shouhua <shouhuaw@gmail.com> writes:
> On 2 April 2014 20:45, Russ Allbery <eagle@eyrie.org> wrote:
>> With Kerberos, it's always worth being aware that it's a trusted
>> central authentication system.
> Isn't there a distributed version of Kerberos5 which avoids this
> problem?
Trusted third party is inherent in the Kerberos protocol, and indeed
inherent in Needham-Schroeder. If it didn't use trusted third party, it
wouldn't be Kerberos, it would be something else.
--
Russ Allbery (eagle@eyrie.org) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
