Talk:Kerberos
I just changed the definition to reflect what I think are the key points about this protocol. I'm not an expert in Kerberos, but it looks to me like it has no advantage over a public-key system, and a few serious disadvantages. I'm thinking of adding to the article something like the following paragraph, but I would like to get some feedback first.
- Kerberos has largely been replaced by public-key systems. Both have the objective of providing a secret session key to allow encrypted communications between two clients. Both need a central server, one to distribute public keys for each client, the other to hold secret keys for each client. The server with secret keys for all clients must be very secure, much more than is required for the server holding only the public keys of all clients.
See http://en.wikipedia.org/wiki/Kerberos_(protocol)#Drawbacks for more on the disadvantages of Kerberos.
"Authentication Protocols", section 8.3 in Peterson & Davie, Computer Networks, 4th ed. (Morgan Kaufmann, 2007).
"Authentication Protocols", section 8.7 in Tanenbaum, Computer Networks, 4th ed. (Prentice Hall, 2003).
"Authentication and Authorization Controls", R. Bragg, chapter 6 in Network Security: The Complete Reference (McGraw-Hill, 2004).
--David MacQuigg 17:12, 25 November 2009 (UTC)