Not actually. Digital Signatures, Digital Envelopes, and Kerberos all use Asymmetric Cryptography (aka Public/Private Keys). But the techniques are used for different purposes.

The term "AD Kerberos" is meaningless. AD is the database that contains the actual usernames and passwords (among other data). Kerberos is the primary authentication protocol used by Windows 200x. Kerberos uses digital signatures to verify that both ends of the process are properly identified. IPSEC can be used to set up encrypted paths for data transfer.

More on Kerberos:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/kerberos.mspx
http://www.windowsitlibrary.com/Content/617/06/6.html

More on IPSEC:
http://www.techonline.com/community/tech_topic/21194

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Thursday, October 28, 2004 1:25 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Which is better

Ok, and from what I can figure, both utilize AD Kerberos to sign or encrypt the data right?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Thursday, October 28, 2004 3:58 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Which is better

You also have to look at what each method doesn't do.

1. Digital signature
   Proves the message was sent by you
   Allows anyone to read the message
2. Digital envelope
   Only the desired recipient can read the message
   Doesn't prove the message was from you

A truly secure transfer requires both techniques to be used but sometimes one step is all you need.

A digital signature is similar to having your signature "notarized" on a loan application. Also, when you download a new device driver it could be digitally signed so you can be sure that you are actually getting a driver from your hardware vendor, not a hacker. However the message is now the equivalent of a postcard or a billboard by the side of the road.

If you are placing a message into a portable storage media (floppy, usb key, portable hard disk, etc) that a courier is going to hand carry to the recipient then the digital envelope would keep the courier from looking at the contents of the message. If the courier switched your message with another one, you couldn't know.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Thursday, October 28, 2004 11:53 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Which is better

Well what are you trying to achieve? Digitally sign just ensures to the receiving party that the packet has not been tampered with. Digitally encrypt ensures that nobody in between can read the contents of the packet.

Thanks.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org
v - 773.534.0034 x135
f - 773.534.8101

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:ActiveDir-[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
> Sent: Thursday, October 28, 2004 1:42 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Which is better
>
> Digitally sign communications
>
> Or
>
> Digitally encrypt secure channel data
>
> Justin A. Salandra, MCSE
> Senior Network Engineer
> Catholic Healthcare System
> 212.752.7300 - office
> 917.455.0110 - cell
> [EMAIL PROTECTED]
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
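
The signature-versus-envelope trade-off from Larry Passo's reply, including the courier who swaps the message, as an added example that is not part of the original thread. It assumes toy textbook RSA on fixed Mersenne primes and a SHA-256 XOR keystream; all function names and the SENDER and RECIPIENT key pairs are constructed for illustration.

```python
# Added illustration: textbook RSA on fixed Mersenne primes plus a SHA-256
# XOR keystream. Toy parameters for study only, not secure cryptography.
import hashlib
import secrets

E = 65537

def make_key(p, q):
    """Return a textbook RSA private key (n, e, d); the public key is (n, e)."""
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))

# Constructed key pairs for two hypothetical parties.
SENDER = make_key(2**61 - 1, 2**89 - 1)
RECIPIENT = make_key(2**107 - 1, 2**127 - 1)

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, priv):
    """Signature: proves origin, but the message stays readable by anyone."""
    n, _, d = priv
    return pow(digest(msg, n), d, n)

def verify(msg, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR data with SHA-256(key || block offset)."""
    pad = b"".join(hashlib.sha256(key.to_bytes(32, "big") + i.to_bytes(8, "big")).digest()
                   for i in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(msg, recipient_pub):
    """Envelope: random session key wrapped with the recipient's public key."""
    n, e = recipient_pub
    key = secrets.randbelow(n - 2) + 2
    return pow(key, e, n), keystream_xor(key, msg)

def open_envelope(env, recipient_priv):
    n, _, d = recipient_priv
    return keystream_xor(pow(env[0], d, n), env[1])

def sign_then_seal(msg, sender_priv, recipient_pub):
    """Both techniques: the signature travels inside the envelope."""
    return seal(sign(msg, sender_priv).to_bytes(32, "big") + msg, recipient_pub)

def open_and_verify(env, recipient_priv, sender_pub):
    plain = open_envelope(env, recipient_priv)
    return plain[32:], verify(plain[32:], int.from_bytes(plain[:32], "big"), sender_pub)
```

An envelope sealed by anyone opens cleanly with `open_envelope`; only `open_and_verify` tells the recipient whether the content came from the expected sender.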