[39180] in Kerberos
Re: appl/simple/client/sim_client.c uses internal APIs
daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Fri Feb 24 14:29:10 2023
Message-ID: <202302241924.31OJOwVm003659@hedwig.cmf.nrl.navy.mil>
To: Chris Hecker <checker@d6.com>
cc: kerberos@mit.edu
In-Reply-To: <CAOdMLc1Pq=xER+C783--iQp1cbfj=iU1NfogVSfj4frm8=XeWQ@mail.gmail.com>
MIME-Version: 1.0
Date: Fri, 24 Feb 2023 14:24:58 -0500
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
>I guess if I’m on a tear saying forbidden things, sometimes identity is all
>you need, you don’t want all the samples to encrypt everything, because
>that makes it look like you have to, which you don’t? It is use-case
>dependent, and krb5 is great because it is granular enough to let
>developers choose what they do for their own use-cases.
I'd like to push back on THIS a bit.
While I agree that you don't ALWAYS need to encrypt everything, I would
argue that in 2023 you should to encrypt everything 99% of the time, and
the 1% you don't you should think about very carefully. And having the
samples encrypt stuff would be helpful as examples (and to take later
further point, the breakdown between sample/simple always confuses me as
well).
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
