[OpenAFS] why kerberos only works in monolithic organizations
Russ Allbery
rra@stanford.edu
Fri, 30 Dec 2005 10:12:56 -0800
Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
> In theory you don't need to encrypt the CA certificate, but you should
> verify its integrity somehow. This is one of the places where PKI
> tends to cheat; it works great in the usual case where web browsers have
> a standard list of CAs that they accept.
For values of great equal to "trusting a bunch of commercial CAs proven to
be willing to hand out signed certificates to random people with only a
minimum of identification." I definitely would not trust, say, Verisign
to do identity management properly. They're more interested in making
money.
> While I agree it removes the need to share a _secret_, they still need
> to have some sort of trust relationship that should in theory involve
> some out-of-band initialization. At the end of the day, I don't see
> this fundamentally easier than the initialization that Kerberos does.
Agreed.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>