help-shishi

Re: Shishi and certificates


From: Simon Josefsson
Subject: Re: Shishi and certificates
Date: Thu, 30 Nov 2006 15:43:05 +0100
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.91 (gnu/linux)

Simon Josefsson <address@hidden> writes:

> First, let me clarify my proposal: Shishi clients open a TLS
> connection to the Shishi KDC, client-authenticated with X.509 or
> OpenPGP, and then send the AP-REQ inside the TLS channel to shishid.
>
> If the client certificate/key map to a Kerberos principal, shishid
> will send the proper AP-REP back using Kerberos NULL encryption inside
> the encrypted TLS channel.

Oops, of course I meant AS-REQ and AS-REP there.  For TGS-REP, it will
use the TGT key, although in theory it would be possible to avoid it
and send it NULL encrypted too.  I don't see any advantage in that,
though.

/Simon



