don@ATHENA.MIT.EDU (10/13/90)

Ralph Swick and I have a Kerberos-related paper in this month's
ACM Operating Systems Review: vol 24, no. 4 (Oct 1990), pp. 64-67.

Network Security via Private-Key Certificates

Abstract
"We present some practical security protocols that use
private-key encryption in the public-key style. Our system
combines a new notion of "private-key certificates", a
simple key-translation protocol, and key-distribution. These
certificates can be administered and used much as public-key
certificates are, so that users can communicate securely while
sharing neither an encryption key nor a network connection."

The system is related to Kerberos, in that it extends Version 5's user-to-user
protocol in order to relieve the KDC of all database management; thus, it
allows easy replication of the KDC. Further, it supports encrypted mail and
has a natural compatibility with RSA systems.

If you can't find the newsletter, you can get our paper via anonymous ftp
from athena-dist.mit.edu ; the pathname there is pub/kerberos/net_sec_cert.PS .

-Don Davis, MIT staff, don@athena.mit.edu
Ralph Swick, DEC External Research, swick@athena.mit.edu
MIT Project Athena Advanced Development Group