From owner-freebsd-current  Sat Feb 10 18:45:53 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id SAA03088
          for current-outgoing; Sat, 10 Feb 1996 18:45:53 -0800 (PST)
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id SAA03083
          Sat, 10 Feb 1996 18:45:50 -0800 (PST)
Received: from localhost.shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.3/8.7.3) with SMTP id SAA05429; Sat, 10 Feb 1996 18:43:19 -0800 (PST)
Message-Id: <199602110243.SAA05429@precipice.shockwave.com>
X-Mailer: exmh version 1.6.5 12/11/95
To: Warner Losh <imp@village.org>
Cc: Ollivier Robert <roberto@keltia.freenix.fr>, mark@grondar.za,
        dima@freebsd.org, ache@astral.msk.su, current@freebsd.org
Subject: Re: Kerberos @ freebsd.org? 
In-Reply-To: Your message of "Sat, 10 Feb 1996 18:48:17 MST."
             <199602110148.SAA02467@rover.village.org> 
Mime-Version: 1.0
Content-Type: application/pgp; format=mime; x-action=signclear; x-originator=81B2A779
Content-Transfer-Encoding: 7bit
Date: Sat, 10 Feb 1996 18:43:18 -0800
From: Paul Traina <pst@shockwave.com>
Sender: owner-current@freebsd.org
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

Content-Type: text/plain; charset=us-ascii

I really don't want to get into a ssh vs kerberos war, we can certainly
run both of them.  Rather, I'd just like to point out:

ssh is good for peer-to-peer secure communications

kerberos is good for intra-organization communications

Each have their benefits and shortcomings.  I'd like to see someone extend
K4 so that it is truely usable in inter-organization applications, but as far
as I'm concerned, waving the banner for Kerberos is beating a dead horse.

Kerberos was killed by MIT because of their inability to move forward with a
"product."  Whether this was their fault directly or indirectly is outside of
the scope of this discussion.  Kerberos will not be a viable commercial 
solution
for our encryption needs, and when the time comes to say good bye to it, we
should plan to do so.

Face it, we're really lacking a good secure authenticated system that does 
both.
If I was feeling paranoid, I'd blame the goverenment,  but the real blame lies
with all of us who haven't considered it a priority.

We need good cryptography standards (!) that work in real-world applications.

Paul


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR1XxWtaZ42Bsqd5AQFl6gP/akdhiorTGOKHmHLhpNlUbI3cwX7qAKCG
aJJX15+/WOIM5GgTVVnI+8eQITTYJs9dT17byrFKcyddH0/kz54Wgouzl1xcnCOD
e0uCZgZMhyxDF7lvp2iTWoXpGOaJEk2RADB9MyQ46mh7nnk6rKQkWXY37YR5lvRM
XEDJ8ybOTW4=
=uzkH
-----END PGP SIGNATURE-----