[36232] in Kerberos
What happened to PKCROSS?
daemon@ATHENA.MIT.EDU (Rick van Rein)
Tue Jul 1 14:01:33 2014
From: Rick van Rein <rick@openfortress.nl>
Date: Tue, 1 Jul 2014 20:01:17 +0200
To: kerberos@mit.edu
Message-Id: <56D9F022-45B6-44B1-BAF8-3E42AFDB95EA@openfortress.nl>
Hello,
I’ve been thinking about realm-crossing lately, specifically between hitherto unknown parties — that is, for use across the general Internet.
With DANE installed as an RFC, I can see ways of placing public keys and/or X.509 certificates in signed DNS, thus enabling strong security for a KDC which uses such certificates. Better even, the DANE entries mention the service port, so they’re even adding information to separate the KDC from other services.
Then I ran into PKCROSS, a seemingly promising attempt at doing just this, except that it probably preceded DANE and ran into certificate distribution problems. Or was this not what happened to it? I cannot find anything but hopes and promises; why has it never advanced into an RFC?
Thanks,
Rick van Rein
OpenFortress
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos