don@ATHENA.MIT.EDU (10/13/90)
Archive-name: net-sec-cert/12-Oct-90
Original-posting-by: don@ATHENA.MIT.EDU
Original-subject: kerberos-related paper
Archive-site: athena-dist.mit.edu [18.71.0.38]
Archive-directory: /pub/kerberos
Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti)

Ralph Swick and I have a Kerberos-related paper in this month's
ACM Operating Systems Review: vol 24, no. 4 (Oct 1990), pp. 64-67.

Network Security via Private-Key Certificates

Abstract
"We present some practical security protocols that use
private-key encryption in the public-key style. Our system
combines a new notion of "private-key certificates", a
simple key-translation protocol, and key-distribution. These
certificates can be administered and used much as public-key
certificates are, so that users can communicate securely while
sharing neither an encryption key nor a network connection."

The system is related to Kerberos, in that it extends Version 5's user-to-user
protocol in order to relieve the KDC of all database management; thus, it
allows easy replication of the KDC. Further, it supports encrypted mail and
has a natural compatibility with RSA systems.

If you can't find the newsletter, you can get our paper via anonymous ftp
from athena-dist.mit.edu ; the pathname there is pub/kerberos/net_sec_cert.PS .

-Don Davis, MIT staff, don@athena.mit.edu
Ralph Swick, DEC External Research, swick@athena.mit.edu
MIT Project Athena Advanced Development Group