Kerb/PKI Infrastructure - Who's on first?

Tim Alsop Tim.Alsop at CyberSafe.Ltd.UK
Tue Oct 8 17:05:01 EDT 2002


Curtis,

Sorry for the long response. I appreciate that you were specifically
looking for an IETF response to your posting - I wanted to give you my
CyberSafe response for what it is worth. I hope you can give me
feedback on my opinion/comments.

There is a general market misunderstanding/confusion between PKI and
Kerberos authentication technology - I believe this is mostly caused
by the large amount of marketing around PKI and related
products/companies over the last few years - many companies thought
that PKI was the only authentication solution they would ever need. In
my view what has happened is that the adoption of Kerberos by
Microsoft in Win2k/XP and .NET has allowed many organisations to now
recognise that Kerberos can be deployed in the enterprise network and
it is being considered more seriously than before as a viable
technology for their network security and authentication needs. I have
been able to verify this view with the clear interest we have seen
over the last 12-18 months in our current products and services and
also from feedback received from customers/prospects/partners
when asked for their views.

It is also worth highlighting that Kerberos is often positioned as an
authentication technology, which of course is correct, but it is also
becoming widely chosen for its symmetric key management capabilities.
If you combine this key management with PK authentication to give
two-factor authenticated access to symmetric keys with the private key
from the PK being used to give a digital signature capability then the
opportunity is very exciting. I am sure you are also aware that
Kerberos can be extended using pre-authentication to use other
two-factor authentication tokens and methods. I know of two global
solutions where the approach of using key management and PK together
is strategically utilised - one in the Cable Network industry
(www.packetcable.com) and another is in the Wireless LAN (WLAN)
industry where Kerberos is becoming utilised for key management, but a
client certificate is still used so that a user at their workstation
can sign documents and use two-factor authentication (stronger than
regular userid/password).

It is also worth mentioning that Kerberos has strengths when compared
to alternatives in implementation of a standards based application
security solution - I can explain this to you more if you are
interested. It means that an increasing number of vendors are
exploring use of Kerberos credentials to secure their application and
allow improved authentication/integrity and confidentiality.

Anyway, I would like to get back to your specific questions and try
and help you with your confusion. I hope I don't confuse you further?

It is our opinion that the future of Kerberos is going to rely more on
PK than today - the best of each technology is gradually being realised
and 'merged'. I know this view is also shared by Microsoft. The PKINIT
extension to Kerberos has been available for many years as a draft and
is nearly reaching RFC status with IETF. We are seeing an increasing
number of examples where companies are realising the strengths of
Kerberos and strengths of PK and utilising them together with PKINIT
to get the best of both worlds. We also need to consider PKCROSS and
other PK related extensions in this discussion and recognise that
other PK related extensions to Kerberos may become widely used in the
future. From a pure technology point of view it is clear that the PK
advantage (depending on what you are trying to achieve) is that PK
needs a private key - this private key can be used for digital
signatures. There are also disadvantages of PK technology, but there
are with many technologies. There are many comparisons that can be
drawn between PK and Kerberos infrastructures and it quickly becomes
apparent that they are actually very complementary.

Anyway, if you are looking for a single common authentication solution
then you need to recognise that Kerberos is already a standard for
initial operating system login for many operating system vendors, both
Microsoft and UNIX vendors included.

One of our customers (I cannot say who they are) used the phrase
'authentication plumbing' when they described Kerberos - I agree with
this as it is a nice way to picture the Kerberos protocol in relation
to other methods of authentication. What they were referring to is the
unique and very capable ability of the Kerberos protocol to pass
credentials across the network in a secure manner so that applications
and services/devices know who the user/initiator is and also allow the
service to delegate the credentials to another application component -
ideal in an n-tier architecture which is very common in today's
application solutions. If you combine this with PK and other forms of
authentication then you can take advantage of private keys on client
workstations without having the user to authenticate more than once
and hence get closer to the dream of 'secure single signon'.

I can also introduce the web authentication environment and it is
clear that this is where PK has traditionally been used, but in my
experience most implementations use a web server certificate only for
SSL purposes (not a client browser certificate held in a secure device
such as a smart card) - hardly as secure as having a unique session
key for each authentication request. I know that you will see more use
of PK and Kerberos together in a web environment. One such example is
that Kerberos is a good solution for passing credentials from browser
to web server, then have the web server delegate the credentials to
another application component such as an application server and then
perhaps onto a database server ... The delegation of credentials
cannot easily be achieved using PK technology - certainly not in a
standard way anyway.

I hope you have seen from my feedback above that there is clearly
space for both a PKI and a KI (Kerberos Infrastructure) in many
networks - even the Internet will need a global KI if Microsoft/IBM
are successful with their WS-Secure proposal for Passport/WebServices
and .NET authentication.

I have no comments on KINK as I haven't studied it closely.

You mentioned SSH in your posting - this is a protocol that is widely
used, but still needs key management and improved authentication for
operating system access. I can explain this better if you can contact
me.

I also noticed that you preferred an opensource solution? Is this
because of cost?

Once again - I am sorry this post is so long. I also hope that you
find my feedback useful. If you have any further questions or comments
I would welcome continued discussion on this matter.

Cheers, Tim.
