On Fri, Aug 13, 2010 at 02:55:32PM -0500, eric.lengve...@wellsfargo.com wrote:
> There are some possibilities, my co-workers and I have discussed. For
> purely internal systems TLS-PSK (RFC 4279) provides symmetric
> encryption through pre-shared keys which provides us with whitelisting
> as well as removing asymmetric crypto.  [...]

For purely internal systems Kerberos is really the way to go, mostly
because it's so easy to deploy nowadays.

TLS-PSK is not a useful way of building any but the smallest networks,
and for two reasons: a) there's no agreed PBKDF and password salting
mechanisms, so passwords are out, b) there's no enrolment mechanism, so
PSK setup is completely ad-hoc.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to