>>>>> "Troy" == Troy Benjegerdes <[EMAIL PROTECTED]> writes:
Troy> However, not all good choices in this space have such tight time
Troy> synchronization constraints as kerberos does. I think any proposal for
Troy> digital identity based on kerberos needs to also propose some mechanism
Troy> for relaxing the synchronized clock constraints that all the existing
Troy> kerberos implementations I am aware of impose.

Modern Kerberos does not have that constraint between the client and
the KDC. (Or between the client and server). It does have that
constraint between the KDC and server--which is kind of ironic given
there are no message flows directly between the KDC and server.

Yes, I should add that to the work necessary to use Kerberos in this
situation.

I think relaxing the time constraint is doable.
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix