[925] in Kerberos
re: Re: Authentication methods of Kerberos...
daemon@ATHENA.MIT.EDU (Jerome H Saltzer)
Tue May 1 01:20:22 1990
Date: Tue, 1 May 90 01:13:47 EDT
To: o.gp.cs.cmu.edu!PLAY.MACH.CS.CMU.EDU!bsy@PT.CS.CMU.EDU (Bennet Yee)
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: o.gp.cs.cmu.edu!PLAY.MACH.CS.CMU.EDU!bsy@PT.CS.CMU.EDU (Bennet Yee)'s message of 1 May 90 02:41:40 GMT
From: Jerome H Saltzer <Saltzer@MIT.EDU>
The discussion of the merits of the idealized Needham & Schroeder
protocol versus an idealized Zero-Knowledge Proof protocol seems more
appropriate for a mailing list dedicated to academic analysis of
theoretical proposals.
Kerberos does not use an ideal Needham & Schroeder protocol, not even
after the usual (idealized) description of the replay modification is
added to N&S. Kerberos is an engineered design that borrows its
basic concept from N&S, but adding a large number of carefully
thought-through tradeoffs among performance, manageability,
availability, reliability, recovery, implementation effort, security,
and probable threats. If there were a similar completely engineered,
production-quality and field-tested system design based on
Zero-Knowledge Proofs, then it would be of considerable interest to
compare them. Lacking that, I suggest moving the discussion to a
different, more theoretical, venue from the Kerberos mailing list.
Jerry Saltzer
