What happened to PKCROSS?
Rick van Rein
rick at openfortress.nl
Tue Jul 1 14:01:17 EDT 2014
Hello,
I’ve been thinking about realm-crossing lately, specifically between hitherto unknown parties — that is, for use across the general Internet.
With DANE installed as an RFC, I can see ways of placing public keys and/or X.509 certificates in signed DNS, thus enabling strong security for a KDC which uses such certificates. Better even, the DANE entries mention the service port, so they’re even adding information to separate the KDC from other services.
Then I ran into PKCROSS, a seemingly promising attempt at doing just this, except that it probably preceeded DANE and ran into certificate distribution problems. Or was this not what happened to it? I cannot find anything but hopes and promises; why has it never advanced into an RFC?
Thanks,
Rick van Rein
OpenFortress
More information about the Kerberos
mailing list