Distributed Kerberos5? Fwd: NSA backdoor risks in Kerberos
Russ Allbery
eagle at eyrie.org
Wed Apr 2 16:35:28 EDT 2014
Wang Shouhua <shouhuaw at gmail.com> writes:
> On 2 April 2014 20:45, Russ Allbery <eagle at eyrie.org> wrote:
>> With Kerberos, it's always worth being aware that it's a trusted
>> central authentication system.
> Isn't there a distributed version of Kerberos5 which avoids this
> problem?
Trusted third party is inherent in the Kerberos protocol, and indeed
inherent in Needham-Schroeder. If it didn't use trusted third party, it
wouldn't be Kerberos, it would be something else.
--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list