[39182] in Kerberos
Re: appl/simple/client/sim_client.c uses internal APIs
daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Feb 24 14:40:23 2023
From: Sam Hartman <hartmans@suchdamage.org>
To: Chris Hecker <checker@d6.com>, Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
In-Reply-To: <CAOdMLc1Pq=xER+C783--iQp1cbfj=iU1NfogVSfj4frm8=XeWQ@mail.gmail.com>
Date: Fri, 24 Feb 2023 19:25:39 +0000
Message-ID: <0100018684e362d5-f4c8fd6d-ef2f-44b1-ab43-61a7d0aa20eb-000000@email.amazonses.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
>>>>> "Chris" == Chris Hecker <checker@d6.com> writes:
Chris> I guess if I’m on a tear saying forbidden things, sometimes
Chris> identity is all you need, you don’t want all the samples to
Chris> encrypt everything, because that makes it look like you have
Chris> to, which you don’t? It is use-case dependent, and krb5 is
Chris> great because it is granular enough to let developers choose
Chris> what they do for their own use-cases.
My suspicion is that people are still really bad at figuring out whether
they need integrity.
I think a sample that does not either use TLS or use integrity
protection does a disservice to the community.
Because basically I don't think there are a lot of cases where identity
is all you need (other than when running over TLS), and I think people
are far more likely to believe they can get away with just identity than
is actually the case.
--Sam
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
