Strength in Complexity?
Perry E. Metzger
perry at piermont.com
Mon Aug 4 15:41:54 EDT 2008
Tim Hudson <tim.hudson at attglobal.net> writes:
> I think that Arshad's point here is an argument that externalising
> key management handling from normal application logic is a valid one
> but that it is also equally applicable to existing Kerberos
> environments.
>
> I don't think a point beyond "externalisation is good" was trying to
> be made here.
Well, that's not unreasonable.
Of course, if you're looking for ways to add a layer so that
application logic can be detached from authentication logic, GSSAPI is
one answer. People may have varying opinions on GSSAPI, but it does
have the merit of existing and being widely available.
Perry
--
Perry E. Metzger perry at piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list