Moving Kerberos to the Cloud?
Nico Williams
nico at cryptonector.com
Wed Dec 7 16:56:57 EST 2011
On Wed, Dec 7, 2011 at 2:34 PM, Tom Yu <tlyu at mit.edu> wrote:
> tareq.alrashid at case.edu writes:
>> The higher ups asked: Feasibility of moving the University’s MIT Kerberos authentication critical service infrastructures to the Cloud?
>
> It is very probably technically feasible, for some definitions of "Cloud".
I'd go farther: there's nothing so special about Kerberos that it
would be technically infeasible to move it to the cloud.
> It might be untenable from a risk management perspective.
I'd go farther: we should all consider moving Kerberos to the cloud to
be "untenable from a risk management perspective". One could build a
mini-cloud with all the appropriate attributes (e.g., physical
security) for hosting such sensitive services as CAs and KDCs, but
such a mini-cloud would be too small to be worth deploying, IMO.
Nico
--
More information about the Kerberos
mailing list