It looks like we are in agreement on this, but I have another comment to make ...
A company will often prefer the solution that is included in the product they have deployed, if one exists, rather than installing any plug-in's or add-on's. They are often forced to consider technical superiority as a secondary priority and availability and ease of deployment become higher priority in the decision process. So, any alternative to SPNEGO or GSS-KRB5 for browser authentication will only be used if the browser and web server vendors/developers implement it into their native products. This is (IMHO) why Kerb-TLS has not been used by any customers - the desire is there, but the off-the-shelf browsers and Web servers do not include native support for it. I wish Kerb-TLS would have been chosen by Microsoft because it would give added protection with session keys for encryption of HTTP traffic. At the moment SSL (with X509 certificates) is needed for encrypted web communications when using Kerberos for authentication. Tim. -----Original Message----- From: Sam Hartman [mailto:[EMAIL PROTECTED] Sent: 05 December 2003 19:39 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Macintosh Safari Browser and IIS with Kerberos >>>>> "Wyllys" == Wyllys Ingersoll <[EMAIL PROTECTED]> writes: Wyllys> Rightly or wrongly, customers want this support and they Wyllys> want it without having to use IE. The mozilla codebase Wyllys> allows for extensions such as this to be added (or Wyllys> deleted) pretty easily, so in the future, if HTTP-SASL Wyllys> becomes a reality, it can be supported easily, likewise Wyllys> krb5-tls. O, to clarify, I agree this is useful technology. As a customer, it is the best solution available to me today. As a protocol developer, however, I cannot consider this to be a reasonable approach for standardization. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
