Re: Useful utility?



Black Unicorn <[email protected]> writes:

>> I've been hearing a lot of complaints from sysadmins who I try to convince
>> to run SSH lately.
>> 
>> "Key management is too difficult."
>> "I can't keep track of all that stuff."
>> 
>> I think that an interesting answer might be an ssh key issuing "robot" or
>> vending machine of sorts.
>> 
>> It might work something like this.
>> 
>> [ details omitted ]
>> 
>> Comments?

It sounds like you've basically reinvented Kerberos, at least from a
key management perspective.  If you consider some of the pk extensions
to Kerberos which have been proposed recently, it's even vaguely
similar cryptographically.

SSH is great if you control everything in your environment, and if the
number of users and endpoints is small.  But as these parameters grow
and change, Kerberos is more useful, because it scales more easily.
What would be truly useful would be to combine the different
approaches, so that you could use whichever mode was most appropriate
to your environment.  This is possible, but the details are subtle,
and would probably make backward compatibility difficult.

		Marc