don@ATHENA.MIT.EDU (10/13/90)
Archive-name: net-sec-cert/12-Oct-90
Original-posting-by: don@ATHENA.MIT.EDU
Original-subject: kerberos-related paper
Archive-site: athena-dist.mit.edu [18.71.0.38]
Archive-directory: /pub/kerberos
Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti)

Ralph Swick and I have a Kerberos-related paper in this month's ACM Operating Systems Review: vol 24, no. 4 (Oct 1990), pp. 64-67.

Network Security via Private-Key Certificates

Abstract

"We present some practical security protocols that use private-key encryption in the public-key style. Our system combines a new notion of "private-key certificates", a simple key-translation protocol, and key-distribution. These certificates can be administered and used much as public-key certificates are, so that users can communicate securely while sharing neither an encryption key nor a network connection."

The system is related to Kerberos, in that it extends Version 5's user-to-user protocol in order to relieve the KDC of all database management; thus, it allows easy replication of the KDC. Further, it supports encrypted mail and has a natural compatibility with RSA systems.

If you can't find the newsletter, you can get our paper via anonymous ftp from athena-dist.mit.edu; the pathname there is pub/kerberos/net_sec_cert.PS.

-Don Davis, MIT staff, don@athena.mit.edu
Ralph Swick, DEC External Research, swick@athena.mit.edu
MIT Project Athena Advanced Development Group