[681] in Kerberos
using kerberos for secure mail
daemon@TELECOM.MIT.EDU (Ben Cranston)
Thu Mar 30 19:07:12 1989
From: Ben Cranston <ZBEN@UMD2.UMD.EDU>
To: kerberos <kerberos@ATHENA.MIT.EDU>
I have been looking at the Davis and Swick paper with an eye to using the
Kerberos protocols (or an extension of same) to generate encryption keys
for secured mail messages. I see how their scheme could be used as stands
to generate a user-to-user session key, but this would require that both the
sender and receiver have valid TGS keys (i.e. actually be signed on).
I would like to design a scheme under which the receiver would generate
some cookie and transfer it to the sender, who could then generate encrypted
messages autonomously.
I have also done a paper on using (an extension to) Kerberos to generate
digital signatures (basically sealing a checksum for the user). Since both
of these schemes touch upon the idea of session keys (tickets) that last
longer than the 8 hours or so of a maximal workstation session, they are
somewhat related.
If anybody is currently working in this area or has good ideas I would like
to know about it. (But, but, but it's MY wheel! And, and, and it's just
big enough to reach the ground! :-)
