[817] in Kerberos
Re: kerberos application to OSI
daemon@ATHENA.MIT.EDU (Repatriated Treehugger)
Fri Dec 8 14:30:35 1989
From: barlow@DECWET.ENET.DEC.COM (Repatriated Treehugger)
To: "lloyd@EXCELAN.COM"@CRL.DEC.COM
Cc: "kerberos@ATHENA.MIT.EDU"@CRL.DEC.COM
Lloyd Spencer writes:
> I would whole-heartedly support the incorporation of a Kerberos-like
> service into FTAM, for example. The current unencoded password
> scheme is rather poor, and therefore leaves me to conclude that any
> proposed security scheme is better than none (well, in effect none).
> Although it is not my intention to be unduly critical of the FTAM
> specification nor its proponents, I would like to see more attention
> given to security.
>
> Similarly, I would like to know whether there is an effort to
> integrate a Kerberos-like service with OSI application services, such
> as FTAM, for example? We (i.e. Novell) would be interested in
> assisting and/or following up on this area since security is a key
> concern (yes, even in the area of OSI).
Note that the password encoding within FTAM is expressed as

    Password ::= [APPLICATION 17] CHOICE {
        GraphicString,
        OCTET STRING }

The octet string encoding choice was explicitly placed there for future
use of better authentication techniques than graphicstring passwords.
Stick your Kerberos ticket in there, and you've got strong
authentication, and are completely ISO conformant!
Doug Barlow
Ex ANSI FTAM Rapporteur
Digital Equipment Corporation