themel at iwoars.net
Wed Sep 1 14:59:28 EDT 2004
I'm currently looking into implementing a single sign-on solution for
The requirement profile seems to somewhat fit Kerberos, but I'm
not entirely convinced that I can use it in my scenario - which can't
simply run an off-the-shelf KDC and use UDP for communication with it.
However, years of reading various crypto resources have strongly
conditioned me against simple-minded attempts to "roll my own" as a
I've been trying to study Kerberos' design history in the recent past
and have failed to come up with a good resource that explains why things
are built the way they are.
Since I'm already using OpenSSL for various SSL/x.509 related things,
I'm most astonished by the almost total absence of public key
cryptography in Kerberos, and I haven't been able to find out why this
design choice was made - performance reasons, given that at its
inception public key operation cost was probably much more prohibitive?
So, I'd like to ask the audience:
- Is there a good web/book/whatever resource regarding the design
of Kerberos? Amazon offers the O'Reilly book, which, from the
abstract, seems to take the cryptographic design of Kerberos as
a given and concentrates on its usage, and another one that also
doesn't seem to give much detail on the issue. Something in the
direction of EKR's SSL/TLS book would be very much appreciated.
- Is Kerberos a sane choice to adapt for such solutions today?
Is there anything more recent that I should be aware of?
[extended contact] But let your communication be, Yea, yea; Nay, nay:
[info provided in] for whatsoever is more than these cometh of evil.
[*message header*] - Matthew 5:37
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the cryptography