On Wed, Jul 28, 2010 at 10:42:43AM -0400, Anne & Lynn Wheeler wrote: > On 07/28/2010 10:05 AM, Perry E. Metzger wrote: > >I will point out that many security systems, like Kerberos, DNSSEC and > >SSH, appear to get along with no conventional notion of revocation at all. > > long ago and far away ... one of the tasks we had was to periodically > go by project athena to "audit" various activities ... including > Kerberos. The original PK-INIT for kerberos was effectively > certificateless public key ...
And PKINIT today also allows for rp-only user certs if you want them. They must be certificates, but they needn't carry any useful data beyond the subject public key, and the KDC must know the {principal, cert|pubkey} associations. > An issue with Kerberos (as well as RADIUS ... another major > authentication mechanism) ... is that account-based operation is > integral to its operation ... unless one is willing to go to a > strictly certificate-only mode ... where all information about an > individuals authority and access privileges are also carried in the > certificate (and eliminate the account records totally). This is true time you have rp-only certs or certs that carry less information than the rp will require. The latter almost always true. The account can be local to each rp, however, or centralized -- that's up to the relying parties. > As long as the account record has to be accessed as part of the > process ... the certificate remains purely redundant and superfluous > (in fact, some number of operations running large Kerberos based > infrastructure have come to realize that they have large redundant > administrative activity maintaining both the account-based information > as well as the duplicate PKI certificate-based information). Agreed. Certificates should, as much as possible, be rp-only. > The account-based operations have sense of revocation by updating the > account-based records. [...] Exactly. OCSP can work in that manner. CRLs cannot. In terms of administration updating an account record is much simpler than updating a CRL (because much less information needs to be available for the former than for the latter). > The higher-value operations tend to be able to justify the real-time, > higher quality, and finer grain information provided by an > account-based infrastructure ... and as internet and technology has > reduced the costs and pervasiveness of such operations ... it further > pushes PKI, certificate-based mode of operation further and further > into no-value market niches. Are you arguing for Kerberos for Internet-scale deployment? Or simply for PKI with rp-only certs and OCSP? Or other "federated" authentication mechanism? Or all of the above? :) Nico -- --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com