interested in discussing some Kerberos improvements

[Nico Williams]

On Thu, Apr 02, 2026 at 10:20:07PM -0400, Ken Hornstein via Kerberos wrote:
> I can think of situations where you might be issued X.509 certificates
> that you would want to use for authentication, rather than a keytab.

Like a TPM.  Just in time to be obsoleted by the move to PQC.

(Though, still, if you treat the public keys as secrets then it can be
safe should we get a CRQC.)

Nico
--