[682] in Kerberos
using kerberos for secure mail
daemon@TELECOM.MIT.EDU (Clifford Neuman)
Fri Mar 31 11:24:09 1989
From: bcn@JUNE.CS.WASHINGTON.EDU (Clifford Neuman)
To: ZBEN@UMD2.UMD.EDU
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Ben Cranston's message of Thu, 30 Mar 89 18:36:44 EST <M1989$019850.016118BEN.ZBEN@UMD2.UMD.EDU>

The existing Kerberos protocol can be used to securely pass encryption
keys for secured mail messages without requiring the recipient to be
logged in at the time the message is sent. The recipient of a message
can choose the maximum clock skew allowed. Thus, someone sending a
message could obtain a ticket for the recipient, encrypt the message
in the session key, and pass the ticket along with the encrypted
message. The main drawback for this scheme is that the recipient of
the message would have to enter his key (password) in order to decrypt
the message.

The way you are looking to do things, the recipient would maintain a
"cookie" that is transferred to the sender which could then generate
the encrypted messages autonomously (Actually, it would still be
necessary for the sender to send this cookie to the KDC). In this
case, you are assuming that this "cookie" contains a long-lived key.
How are you going to protect that key?

~ Cliff
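
The store-and-forward exchange described in the message above, modelled as an added example that is not part of the original post or of any Kerberos implementation. Assumptions: the HMAC-SHA256 cipher stands in for Kerberos's encryption, PBKDF2 stands in for its password-to-key function, and all function names, principals and passwords are constructed for illustration.

```python
import hashlib, hmac, json, os

def _subkey(key, label): return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 counter-mode keystream, stdlib only.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, json.dumps(obj).encode())
    return nonce + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered data")
    return json.loads(_xor_stream(_subkey(key, b"enc"), nonce, ct))

def password_key(principal, password):
    # Long-term key derived from the password; PBKDF2 is this example's assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def kdc_issue(kdc_keys, sender, recipient):
    # KDC role: fresh session key plus a ticket only the recipient's long-term key opens.
    session_key = os.urandom(32)
    ticket = seal(kdc_keys[recipient], {"client": sender, "key": session_key.hex()})
    return session_key, ticket

def send_mail(kdc_keys, sender, recipient, text, now):
    session_key, ticket = kdc_issue(kdc_keys, sender, recipient)
    return {"ticket": ticket, "body": seal(session_key, {"from": sender, "sent": now, "text": text})}

def read_mail(principal, password, mail, now, max_skew):
    # The recipient was not logged in at send time, so the password is entered now.
    ticket = unseal(password_key(principal, password), mail["ticket"])
    body = unseal(bytes.fromhex(ticket["key"]), mail["body"])
    if body["from"] != ticket["client"] or abs(now - body["sent"]) > max_skew:
        raise ValueError("sender mismatch or timestamp outside allowed skew")
    return body["from"], body["text"]

def demo():
    # Constructed principals, password and timestamps (seconds).
    kdc_keys = {"bob@EXAMPLE": password_key("bob@EXAMPLE", "bob-pass")}
    mail = send_mail(kdc_keys, "alice@EXAMPLE", "bob@EXAMPLE", "lunch?", now=1000)
    return read_mail("bob@EXAMPLE", "bob-pass", mail, now=1000 + 3 * 86400, max_skew=7 * 86400)
```

Delivery of the session key to the sender under the sender's own key is left out of this model; only the recipient side, which is the subject of the message, is carried through.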