On Aug 2, 2011 9:47 AM, <g...@enjellic.com> wrote:
> > On Jul 27, 12:19pm, Nico Williams wrote:
> > On Tue, Jul 26, 2011 at 6:59 AM, <ghud...@mit.edu> wrote:
> > It'd be nice to have a standard revocation protocol for Kerberos...
> > We have one, it's called authorization.... :-)

Not if we insist on delivering authz-data via Kerberos tickets (see Simo's PAD proposal). Also, we don't re-authorize long-lived sessions constantly -- not at all actually.

So, yes IMO we need a low latency revocation protocol.

Nico
--
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos