[764] in Kerberos
Re: Proposal for long-lived revocable tickets.
daemon@TELECOM.MIT.EDU (Jerry Saltzer)
Fri Jul 21 14:44:01 1989
From: saltzer@SRC.DEC.COM (Jerry Saltzer)
To: John T Kohl <jtkohl@ATHENA.MIT.EDU>
Cc: kerberos@ATHENA.MIT.EDU, krb-protocol@ATHENA.MIT.EDU
In-Reply-To: Your message of Wed, 5 Jul 89 13:58:42 EDT

John suggests,
"1) an entry in the hot list need only be maintained in that list until
the maximum site "life" has passed. After this point, any hot-listed
ticket will no longer be valid for obtaining a replacement, as it will
have expired.
2) The hot list should be short and easy to maintain."

The initial, zero-order implementation could be just to hold the
user's name and refuse to renew any tickets for that user
until LIFE has passed. That would be a little inconvenient for
the user, but on the other hand, the use of revocation and
hot lists would probably be a very rare event; polishing to
improve the granularity of revocation is something that can
be left as a future exercise.
Jerry
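
The zero-order hot list described in this message, sketched as an added example; it is not part of the original post and is not Kerberos code. The names HotList and Ticket, the 8-hour LIFE value and the rule that only an unexpired ticket can be traded for a replacement are assumptions made for the illustration.

```python
# Added illustration; not code from the original message or from Kerberos.
# Assumes LIFE is the site maximum ticket life and only unexpired tickets renew.
from __future__ import annotations
from dataclasses import dataclass

LIFE = 8 * 3600  # hypothetical site maximum ticket life, in seconds

@dataclass(frozen=True)
class Ticket:
    user: str
    issued_at: int

    def expired(self, now: int) -> bool:
        return now >= self.issued_at + LIFE

class HotList:
    """Zero-order hot list: user name -> time the user was revoked."""
    def __init__(self) -> None:
        self.revoked: dict[str, int] = {}

    def revoke(self, user: str, now: int) -> None:
        self.revoked[user] = now  # a repeat revocation restarts the clock

    def prune(self, now: int) -> None:
        # Once LIFE has passed, every ticket issued before the revocation has
        # expired on its own, so the entry no longer protects anything.
        self.revoked = {u: t for u, t in self.revoked.items() if now < t + LIFE}

    def renew(self, ticket: Ticket, now: int) -> Ticket | None:
        """Return a replacement ticket, or None if renewal is refused."""
        self.prune(now)
        if ticket.expired(now) or ticket.user in self.revoked:
            return None
        return Ticket(ticket.user, issued_at=now)

def demo() -> list[bool]:
    hot = HotList()
    stolen = Ticket("alice", issued_at=0)  # constructed sample tickets
    other = Ticket("bob", issued_at=0)
    hot.revoke("alice", now=3600)
    return [
        hot.renew(other, now=7200) is not None,       # bob is unaffected
        hot.renew(stolen, now=7200) is None,          # alice refused while listed
        hot.renew(stolen, now=3600 + LIFE) is None,   # entry pruned, ticket expired
        len(hot.revoked) == 0,                        # the list is short again
    ]
```

Pruning on each renewal keeps the list bounded by the number of revocations in the last LIFE seconds, which is why the entry can be dropped without reopening any pre-revocation ticket.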