Proposal for using NAPTR/URI records

Nico Williams nico at
Tue Feb 24 12:15:03 EST 2015

I should add that I'm assuming that an MITM wouldn't be able to get
away with modifying important bits of the protocol because we
authenticate all contents (or all that matters).  So the main problem
would be information leaks and other problems with getting redirected,
such as (stretching here) changing the trust anchors that the AS'
PKINIT cert is to get validated to.

More information about the krbdev mailing list