From: "David J. Bianco" <bianco@itribe.net> Date: Sun, 24 Sep 1995 16:32:30 -0400

The Open Software Foundation's Distributed Computing Environment has the concept of a central security registry (which is currently based on Kerberos). I haven't delved too deeply into them, but the OSF website has some DCE RFCs about adding public key capabilities to the registry. They should be off the OSF home page somewhere at <http://www.osf.org>.

Sort of. The DCE registry isn't really based on Kerberos. Rather, DCE uses Kerberos code to do its private-key stuff. We're planning on adding the ability to use public key to get initial tickets to the security server. Outside of integration with other security domains, this means that the security server no longer needs to store everyone's private key, reducing exposure if it's been cracked. If anyone wants more details on how current or planned DCE security, drop me a line. Perhaps some of the other folks on this list who also know about it will speak up, too. /r$, DCE whipping boy