[39597] in Kerberos
Re: interested in discussing some Kerberos improvements
daemon@ATHENA.MIT.EDU (Nico Williams)
Fri Apr 3 00:43:33 2026
Date: Thu, 2 Apr 2026 23:42:15 -0500
From: Nico Williams <nico@cryptonector.com>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
Message-ID: <ac9FJ99n1xMWq7rU@ubby>
In-Reply-To: <202604030220.6332K860020338@hedwig.cmf.nrl.navy.mil>

On Thu, Apr 02, 2026 at 10:20:07PM -0400, Ken Hornstein via Kerberos wrote:
> I can think of situations where you might be issued X.509 certificates
> that you would want to use for authentication, rather than a keytab.

Like a TPM. Just in time to be obsoleted by the move to PQC.

(Though, still, if you treat the public keys as secrets then it can be
safe should we get a CRQC.)

Nico
--
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos