
RE: Basic Cert-2-Directory mapping question



> I've always wondered what those "Kerberos Certificates" are, or do you mean
> tickets?  They have nothing to do with PKI, since Kerberos doesn't use PKC.

This is not true. The Kerberos working group has developed a scheme for
allowing an initial PKI handshake in place of the original symmetric key
scheme. Once the exchange is over, symmetric key-based tickets are used as
always. The spec is:

http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-init-12.txt

Certificates may or may not be used. If they are used, there are special
requirements. For example, the DN must correspond to a Kerberos name/realm.

Hal
=======================================================
Harold W. Lockhart            Entegrity Solutions
2 Mount Royal Avenue          Marlborough, MA 01752 USA
V: 1-508-624-9600 x 260       hal.lockhart@xxxxxxxxxxxxx
F: 1-508-229-0338             www.entegrity.com
=======================================================