The biggest problem I have with scaling kerberos to this level is the
amount to which trust also must be scaled. A high-level
authentication server which is responsible for providing
authentication for a lot of other servers would be responsible for a
lot of commercial traffic, and thus it's not difficult to imagine
circumstances in which it would be worth a very large amount of money
to compromise it. What agency/organization do you trust to be so free
of possible corruption and security breaches to guard these high-level
authentication servers that could govern hundreds of millions of
dollars in commercial traffic?
Someone correct me if I'm wrong, but I don't believe kerberos allows
for non-deniability of orgin, which is exactly what is needed for this
kind of an application (i.e. publisher A needs to prove that request I
must have been sent from user B, and could not have been forged by
publisher A, even with the cooperation of authentication authority Q.
Otherwise they can do the electronic equivalent to forging your
signature on credit-card slips, and there's no way to prove whether
user B or publisher A is lying when they disclaim wrongdoing.)
For this kind of thing, I still think PEM is the way to go, as it will
be made interoperable with MIME (which HTTP already uses, a nontrivial
win) quite soon. (Unless, of course, things like electronic cash
actually start being available and used.) The only serious question
is whether the better stopgap is to use kerberos for the time being or
to use symmetric-key PEM until asymmetric becomes useful (which may
not be until the patents run out in a few years, sigh.)
(By the way, this is also going to the newsgroup. I generally am
hesitant to post to the mailing list because I'm really sick of bounce
messages.)
- Marc
-- Marc VanHeyningen mvanheyn@cs.indiana.edu MIME & RIPEM acceptedThe cultural elite are neither! (Or at least they're certainly not the latter.)