Arshad Noor <[EMAIL PROTECTED]> writes:
> Perry E. Metzger wrote:
>> That said, Kerberos tickets can persist even in the face of
>> disconnects, so once you've connected tickets can survive as long as
>> you wish.
>
> But, can the tickets be used for anything useful when the
> network does not exist?

If you have a local service that uses them, sure. In any case, a ticket gives you access to a crypto key, and you can use that for all sorts of things.

> SKMS clients can continue to provide the capability they were
> designed for, even when the network is unavailable - it was a
> critical design goal.

Well, again, you can do the same thing with Kerberos, and Kerberos has the added advantage that there is a complete spec that fully handles all the details and is actually implemented and available off the shelf -- even built in to Windows. SKMS is vaporware that leaves all the hard parts of the specification out.

> If this comes back to Ben's original statement about it being
> just a key-escrow service, then so be it. But let's not dismiss
> the value standardization and abstraction of this capability
> provides

I'm inclined to dismiss it, if only because you can do all of it with existing, implemented and fully specified tools with no added complexity. I actually have much larger reservations, but I think that alone eliminates the reason to consider it.

> - after all people didn't really need DBMS's 30 years
> ago because they could do all the data-management operations
> inside each application quite well, thank you!

I think that comparing the advance SQL made with SKMS seems a bit unreasonable.

Perry
--
Perry E. Metzger [EMAIL PROTECTED]

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]