[15793] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: a suggestion for improving pkinit preauth plugin token choosing

daemon@ATHENA.MIT.EDU (Henry B. Hotz)
Tue May 11 20:24:41 2010

Mime-Version: 1.0 (Apple Message framework v1078)
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
In-Reply-To: <20100511193430.GT9429@oracle.com>
Date: Tue, 11 May 2010 17:24:37 -0700
Message-Id: <2EF16297-5374-474F-B667-17E416DC642F@jpl.nasa.gov>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu


On May 11, 2010, at 12:34 PM, Nicolas Williams wrote:

> We need much more experience here.  IMO Will should proceed with his
> proposal and . . .

Questions about how much complexity is needed aside, I have no objections to Will's proposals.

I have a strong feeling that the situation is really a lot simpler than it appears.  You shouldn't blindly try to accommodate every type of deployment that has been done, because I know people have made some mistakes in existing deployments.  Accommodating mistakes is not what's needed. 

Everyone needs a little more experience here, and I admit that mine is rather specific.

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu




_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post