Marcus Watts wrote:
> Jeffrey Hutzelman <[EMAIL PROTECTED]> writes:
>>> Incidentally, the particular problem Marcus posits here is one we
>>> considered, and for which rxgk has an obvious solution in the form of its
>>> combine-tokens operation. I do not think it would be appropriate at this
>>> point in time to attempt to add this functionality to rxkad.
>> Oh, BTW, this approach lends itself quite easily to situations in which the
>> individual client hosts do not have keys, by giving the server a public key
>> and authenticating rxgk token establishment with PKU2U instead of GSS-krb5.
>
> Is this
> draft-zhu-pku2u-01.txt ?
>
> If so, besides the obvious problems, this seems to depend on
> x509 certificates on both sides. So far, nobody else here has
> sounded at all enthusiastic about x509 certificates for either side.
>
> -Marcus Watts

PKU2U uses Krb5 PK-INIT and PK-INIT does not require the use of X.509 certificates; it can also support raw public/private key pairs.

Jeffrey Altman
