On Mon, Jun 04, 2007 at 04:48:25PM -0700, Henry B. Hotz wrote:
> If I had my way, any vendor would need to convince me that they have
> solved the KDC robustness problem. I have a hard time imagining a

The OTP robustness problem, you mean.

> vendor being able to make money solving this problem unless the
> market was bigger than just Kerberos servers.

Sun doesn't sell an OTP solution. Sun might include pluggable OTP support in its KDC, but it wouldn't be Sun's job to see to it that a third-party OTP implementation is robust.

In any case, the real problem is that OTPs are cool, but they typically aren't key generating. If they were then it'd be a lot easier to use them in network protocols.

> I'm not sure I know how to solve the problem. The solution would
> need a really robust sync service like UBIK, but fast enough that it
> never times out a traditional kinit, even with multiple,
> transcontinental kdc's.

If I could get away with it I'd make the OTP tokens key generating and I'd have an authentication protocol based on the OTP key that uses nonces, challenges and server instance names to keep the protocol messages non-replayable. But guess what: OTPs generally aren't key generating and we don't manufacture OTPs.

(Well, I suppose we could write a J2ME applet that works the way I'd want it to and customers could run it on their cell phones, but I'm not sure that that would be a realistic deployment scenario -- folks like tamper-resistant tokens.)

> Is it worth bringing this up on the IETF list?

Maybe. There is an Internet OTP, after all.

Nico
--
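A worked sketch of the kind of protocol Nico wishes for above (a key-generating token, nonces, a server challenge and the server instance name bound into the proof), added here as an illustration; it is not code from this thread, from Sun, from any Kerberos KDC or from any OTP vendor. The token model is hypothetical: `otp_step_key` treats each counter step as a full HMAC-SHA256 key instead of the truncated digits a real display token produces, which is exactly the property Nico says real tokens lack. The `Token` and `Verifier` classes, the user name, the instance names and the session-key derivation are all invented for the example.

```python
import hashlib
import hmac
import os
import struct


def otp_step_key(seed, counter):
    # Hypothetical key-generating token: each counter step yields the full
    # HMAC-SHA256 output, not the truncated digits a display token shows.
    return hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()


def transcript(user, client_nonce, server_nonce, instance, counter):
    # Everything the proof is bound to: both nonces (freshness), the server
    # instance name (a proof for kdc1 is useless at kdc2) and the token step.
    return b"\x00".join([user.encode(), client_nonce, server_nonce,
                         instance.encode(), struct.pack(">Q", counter)])


def session_key(key, client_nonce, server_nonce):
    # A key-generating token gives both sides session keying material,
    # which a six-digit OTP value transmitted in the clear cannot.
    return hmac.new(key, b"session" + client_nonce + server_nonce,
                    hashlib.sha256).digest()


class Token:
    # Client side: the seed plus a monotonically increasing step counter.
    def __init__(self, user, seed):
        self.user, self.seed, self.counter = user, seed, 0

    def respond(self, client_nonce, server_nonce, instance):
        self.counter += 1  # one step per attempt, never reused
        key = otp_step_key(self.seed, self.counter)
        tr = transcript(self.user, client_nonce, server_nonce, instance, self.counter)
        proof = hmac.new(key, tr, hashlib.sha256).digest()
        return self.counter, proof, session_key(key, client_nonce, server_nonce)


class Verifier:
    # Server side (e.g. a KDC's OTP plugin): seeds, counters, live challenges.
    WINDOW = 10  # look-ahead for skipped token steps, as HOTP verifiers allow

    def __init__(self, instance):
        self.instance = instance
        self.seeds, self.last_counter, self.pending = {}, {}, {}

    def enroll(self, user, seed):
        self.seeds[user], self.last_counter[user] = seed, 0

    def challenge(self, user, client_nonce):
        server_nonce = os.urandom(16)
        self.pending[server_nonce] = (user, client_nonce)
        return server_nonce, self.instance

    def verify(self, server_nonce, counter, proof):
        # The nonce is consumed on first use, so a captured (counter, proof)
        # cannot be replayed even while the counter is still inside the window.
        entry = self.pending.pop(server_nonce, None)
        if entry is None:
            return None
        user, client_nonce = entry
        last = self.last_counter[user]
        if not last < counter <= last + self.WINDOW:
            return None
        key = otp_step_key(self.seeds[user], counter)
        tr = transcript(user, client_nonce, server_nonce, self.instance, counter)
        if not hmac.compare_digest(hmac.new(key, tr, hashlib.sha256).digest(), proof):
            return None
        self.last_counter[user] = counter
        return session_key(key, client_nonce, server_nonce)


def run_exchange(token, verifier):
    # Honest exchange; also returns what an eavesdropper would capture.
    client_nonce = os.urandom(16)
    server_nonce, instance = verifier.challenge(token.user, client_nonce)
    counter, proof, client_key = token.respond(client_nonce, server_nonce, instance)
    server_key = verifier.verify(server_nonce, counter, proof)
    return client_key, server_key, (server_nonce, counter, proof)


def relay_attack(token, victim, claimed_instance):
    # Attacker fetches a challenge from victim, hands it to the client while
    # posing as claimed_instance, then forwards the client's answer to victim.
    client_nonce = os.urandom(16)
    server_nonce, _ = victim.challenge(token.user, client_nonce)
    counter, proof, _ = token.respond(client_nonce, server_nonce, claimed_instance)
    return victim.verify(server_nonce, counter, proof)


def demo(seed=None):
    seed = seed or os.urandom(32)  # constructed shared secret provisioned in the token
    tok = Token("hotz", seed)
    kdc1, kdc2 = Verifier("kdc1.example.org"), Verifier("kdc2.example.org")
    kdc1.enroll("hotz", seed)
    kdc2.enroll("hotz", seed)
    client_key, server_key, captured = run_exchange(tok, kdc1)
    replayed = kdc1.verify(*captured)                      # same message again
    relayed = relay_attack(tok, kdc2, "kdc1.example.org")  # answer meant for kdc1
    return client_key == server_key, replayed is None, relayed is None  # (True, True, True)
```

`demo()` runs the honest exchange, then tries the two things the nonces and instance name are there to stop: replaying the captured answer at the same KDC (the nonce has already been consumed) and relaying a challenge from a second KDC to a client that believes it is talking to the first (the instance name in the transcript no longer matches). Both fail even though the token counter is still inside the verifier's window, which is what a bare OTP value comparison could not guarantee on its own.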