Tangent from: [kitten] Checking the transited list . . .

2017-08-21 Thread Henry B (Hank) Hotz, CISSP
> On Aug 21, 2017, at 7:05 AM, Greg Hudson wrote:
>
> I'm not sure about "any KDC in the trust chain trusts the next hop."
> RFC 4120 doesn't think about cross-realm relationships in terms of
> trust. Simply having cross-realm keys with another realm doesn't
> necessarily imply that the other r

Re: [kitten] Checking the transited list of a kerberos ticket in a transitive cross-realm trust situation...

2017-08-21 Thread Greg Hudson
On 08/18/2017 08:35 AM, Stefan Metzmacher wrote:
> While thinking about this I can't see any value in checking the
> transited list of the ticket. As that list is always under the
> control of the KDC that issued the ticket. And the service
> trusts its own KDC anyway, as well as any KDC in the tr