[15793] in Kerberos_V5_Development
Re: a suggestion for improving pkinit preauth plugin token choosing
daemon@ATHENA.MIT.EDU (Henry B. Hotz)
Tue May 11 20:24:41 2010
Mime-Version: 1.0 (Apple Message framework v1078)
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
In-Reply-To: <20100511193430.GT9429@oracle.com>
Date: Tue, 11 May 2010 17:24:37 -0700
Message-Id: <2EF16297-5374-474F-B667-17E416DC642F@jpl.nasa.gov>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On May 11, 2010, at 12:34 PM, Nicolas Williams wrote:
> We need much more experience here. IMO Will should proceed with his
> proposal and . . .
Questions about how much complexity is needed aside, I have no objections to Will's proposals.
I have a strong feeling that the situation is really a lot simpler than it appears. You shouldn't blindly try to accommodate every type of deployment that has been done, because I know people have made some mistakes in existing deployments. Accommodating mistakes is not what's needed.
Everyone needs a little more experience here, and I admit that mine is rather specific.
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev