Concealing keys (not even in NSS)
Michael Ströder
michael at stroeder.com
Tue Sep 20 02:58:14 EDT 2016
Greg Hudson wrote:
> Is it sufficient for just the master key to be behind a PKCS #11 device, so
> that the existing database format can be preserved at the cost of letting
> long-term keys pass through KDC application memory?
IMO yes.
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3829 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20160920/64a292f0/attachment.bin
More information about the Kerberos
mailing list