Useful utility?

Marc Horowitz marc at cygnus.com
Tue Apr 15 12:33:03 PDT 1997


Black Unicorn <unicorn at schloss.li> writes:

>> I've been hearing a lot of complaints from sysadmins who I try to convince
>> to run SSH lately.
>> 
>> "Key management is too difficult."
>> "I can't keep track of all that stuff."
>> 
>> I think that an interesting answer might be an SSH key-issuing "robot" or
>> vending machine of sorts.
>> 
>> It might work something like this.
>> 
>> [ details omitted ]
>> 
>> Comments?

It sounds like you've basically reinvented Kerberos, at least from a
key management perspective.  If you consider some of the pk extensions
to Kerberos which have been proposed recently, it's even vaguely
similar cryptographically.

SSH is great if you control everything in your environment, and if the
number of users and endpoints is small.  But as these parameters grow
and change, Kerberos is more useful, because it scales more easily.
What would be truly useful would be to combine the different
approaches, so that you could use whichever mode was most appropriate
to your environment.  This is possible, but the details are subtle,
and would probably make backward compatibility difficult.

		Marc





