"Douglas E. Engert" <[EMAIL PROTECTED]> writes: >>>Maybe it's me, but I've never really seen the difference between a junk >>>certificate and a Kerberos ticket;
>> Somebody with no prior trust relationship can check the validity of a >> junk certificate. > Not nessesarily. Only if the CA certificate used to sign the "junk > certificate" is trusted in some way. >From the context of the discussion it should have been clear that I was speaking from the CA/KDC's perspective. I cannot check the validity of a Kerberos identity if the KDC does not "know that I exist", while I can check the validity of an X.509 certificate even if the CA does not know that I exist. - a _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
