a suggestion for improving pkinit preauth plugin token choosing

Henry B. Hotz hotz at jpl.nasa.gov
Tue May 11 20:24:37 EDT 2010

On May 11, 2010, at 12:34 PM, Nicolas Williams wrote:

> We need much more experience here.  IMO Will should proceed with his
> proposal and . . .

Questions about how much complexity is needed aside, I have no objections to Will's proposals.

I have a strong feeling that the situation is really a lot simpler than it appears.  You shouldn't blindly try to accommodate every type of deployment that has been done, because I know people have made some mistakes in existing deployments.  Accommodating mistakes is not what's needed. 

Everyone needs a little more experience here, and I admit that mine is rather specific.

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu

More information about the krbdev mailing list