Tim Hudson <[EMAIL PROTECTED]> writes: > I think that Arshad's point here is an argument that externalising > key management handling from normal application logic is a valid one > but that it is also equally applicable to existing Kerberos > environments. > > I don't think a point beyond "externalisation is good" was trying to > be made here.
Well, that's not unreasonable. Of course, if you're looking for ways to add a layer so that application logic can be detached from authentication logic, GSSAPI is one answer. People may have varying opinions on GSSAPI, but it does have the merit of existing and being widely available. Perry -- Perry E. Metzger [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]