> On Aug 21, 2017, at 7:05 AM, Greg Hudson <ghud...@mit.edu> wrote:
> I'm not sure about "any KDC in the trust chain trusts the next hop."
> RFC 4120 doesn't think about cross-realm relationships in terms of
> trust. Simply having cross-realm keys with another realm doesn't
> necessarily imply that the other realm is trustworthy.
That’s always been a slippery distinction in practice. Trust depends on “local
policy” which may be determined by many things that are orthogonal to what the
crypto can actually provide. Unless you’re writing the code yourself, I would
presume that anything with an exchanged set of keys is trusted for
authentication. Authorization is, of course, outside the scope of Kerberos.
Personal email. hbh...@oxy.edu