[993] in Kerberos_V5_Development
Re: removing user-user authentication from rcp client
daemon@ATHENA.MIT.EDU (Ralph R. Swick)
Mon Feb 5 08:20:24 1996
To: "Donald T. Davis" <don@cam.ov.com>, hartmans@MIT.EDU (Sam Hartman),
krbdev@MIT.EDU
In-Reply-To: Your message of "Fri, 02 Feb 1996 20:57:58 EST."
<199602030157.UAA06747@gza-client1.cam.ov.com>
Date: Mon, 05 Feb 1996 08:19:17 EST
From: "Ralph R. Swick" <swick@x.org>
Thanks for inviting me back into this discussion, Don. I have
not been paying very much attention to the insides of the Krb5
development activities in the past few years. But it is always
good to go back and reflect on old decisions and see if and how
new data might cause them to be modified.
It is most certainly true that we did not leave behind us enough
dissertation on the rationale for and expected styles of use of
the user-to-user authentication protocol. I now regret that.
I still believe that storing persistent authentication secrets
on today's canonical personal workstation hardware is a practice
to be avoided. But in real life people are willing to make
compromises in the interest of convenience. I think it
remains our responsibility to supply them complete
information on which to base their decisions and to permit
them to build/retain the more secure--even if somewhat less
"convenient"--environment if they so choose.
My immediate schedule for the next few weeks won't permit me
much time to study/converse about this at greater depth but
I would look forward to more conversations after that. In
particular, I fully intend to free some time to study Tom Yu's
implementation of user-to-user for X, which to my great dismay
I've not yet been able to accomplish. This has had such a
long incubation time; it will be very nice to see it completed!
-Ralph
