Strength in Complexity?

Perry E. Metzger perry at
Mon Aug 4 15:41:54 EDT 2008

Tim Hudson <tim.hudson at> writes:
> I think that Arshad's point here is an argument that externalising
> key management handling from normal application logic is a valid one
> but that it is also equally applicable to existing Kerberos
> environments.
> I don't think a point beyond "externalisation is good" was trying to
> be made here.

Well, that's not unreasonable.

Of course, if you're looking for ways to add a layer so that
application logic can be detached from authentication logic, GSSAPI is
one answer. People may have varying opinions on GSSAPI, but it does
have the merit of existing and being widely available.

Perry E. Metzger		perry at

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list