"revoking" a TGT?

Nico Williams nico at cryptonector.com
Wed Aug 10 12:20:02 EDT 2016


On Wed, Aug 10, 2016 at 11:05:43AM -0500, Nico Williams wrote:
> Even the simplest reliable revocation schemes beyond having TGSes check
> the client principal's record presume a high-performance pub-sub
> protocol and implementation(s).

Reliable multicast type protocols would be nice for this, though a
unicast (TCP-based, no doubt) protocol should be needed as well.

I've tested a C10K tail-f service to 20k concurrent connections on
loopback just fine, and that could be part of a unicast protocol.
Modern async I/O APIs make this easy enough.  Such a thing can scale by
fanout too, so it's plenty scalable, though multicast would generally
scale best in many networks.

A revocation pub-sub protocol wouldn't be too difficult to design and
implement.  But it is work that would have to be done.

Nico
-- 
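As an added example (not code from this thread or from any Kerberos implementation), here is a Python sketch of the TGS-side half of the revocation pub-sub scheme discussed above: a subscriber applies sequenced revocation events from a hypothetical KDC feed, notices a lost message and falls back to a unicast snapshot resync, and checks a TGT's client principal and authtime against what it has learned. The event format, sequence-number scheme and snapshot call are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class RevocationEvent:
    """One published revocation (hypothetical feed format)."""
    seq: int          # monotonically increasing per publisher
    principal: str
    revoked_at: int   # epoch seconds; TGTs issued before this are dead

@dataclass
class RevocationSubscriber:
    """TGS-side consumer of the revocation feed (fails closed on a gap)."""
    last_seq: int = 0
    revoked: dict = field(default_factory=dict)   # principal -> revoked_at
    synced: bool = True                           # False after a lost event

    def apply(self, ev: RevocationEvent) -> bool:
        """Apply one event; return False and go out of sync on a gap."""
        if ev.seq <= self.last_seq:
            return True                 # duplicate redelivery: idempotent
        if ev.seq != self.last_seq + 1:
            self.synced = False         # a message was lost: must resync
            return False
        # max() keeps revoked_at monotonic if events arrive out of order
        self.revoked[ev.principal] = max(self.revoked.get(ev.principal, 0), ev.revoked_at)
        self.last_seq = ev.seq
        return True

    def resync(self, snapshot: dict, seq: int) -> None:
        """Replace state with a full snapshot fetched over unicast (assumed API)."""
        self.revoked = dict(snapshot)
        self.last_seq = seq
        self.synced = True

    def tgt_is_acceptable(self, client_principal: str, authtime: int) -> bool:
        """Reject a TGT issued before its client principal was revoked."""
        if not self.synced:
            return False                # fail closed while state is unknown
        revoked_at = self.revoked.get(client_principal)
        return revoked_at is None or authtime >= revoked_at

def demo() -> dict:
    """Constructed walk-through: revocation, a lost event, and a resync."""
    sub = RevocationSubscriber()
    sub.apply(RevocationEvent(1, "alice@EXAMPLE.COM", 1000))
    out = {"alice_old_tgt": sub.tgt_is_acceptable("alice@EXAMPLE.COM", 900),
           "alice_new_tgt": sub.tgt_is_acceptable("alice@EXAMPLE.COM", 1100),
           "bob_tgt": sub.tgt_is_acceptable("bob@EXAMPLE.COM", 900)}
    out["gap_applied"] = sub.apply(RevocationEvent(3, "carol@EXAMPLE.COM", 1200))
    out["bob_during_gap"] = sub.tgt_is_acceptable("bob@EXAMPLE.COM", 900)
    sub.resync({"alice@EXAMPLE.COM": 1000, "bob@EXAMPLE.COM": 1150,
                "carol@EXAMPLE.COM": 1200}, seq=3)   # seq 2 revoked bob
    out["bob_after_resync"] = sub.tgt_is_acceptable("bob@EXAMPLE.COM", 900)
    return out
```

Failing closed during a gap is the strict choice; a deployment that cannot tolerate the resulting outage would bound the window instead, which is the trade-off the reliability of the transport decides.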


More information about the Kerberos mailing list