[OpenAFS] Re: why kerberos only works in monolithic organizations
Fri, 30 Dec 2005 12:57:26 -0800
Commercial CAs are a red herring.

Key distribution will always be a challenge, and commercial CAs are
unlikely to ever be the right/best solution. However, public key
crypto changes the problem from "secure two-way channel" to

Example: the fact that the BERKELEY.EDU KDC admin had to add an entry
to the KDC for my AFS server *just so that I could verify the
identities of its users* is a technological anachronism. All that
should have been necessary is for me to access a place where some
"BERKELEY.EDU public key" is reliably advertised. Any requirement
stronger than that is a needless burden.