The purpose of this page is to codify, in a single place, assembled knowledge about the architecture of Kerberos; the design considerations and assumptions behind it, and how those hold up or differ in real-world environments; best practices for operational issues concerning Kerberos; and more.
Summary of topics
List here topics or potential topics for white papers. An individual paper may have its outline fleshed out as a separate section.
- Revisiting the design assumptions that went into Kerberos' creation and analyzing their current validity
- Revisiting the Kerberos threat model (from Kerberos' creation) and analyzing present-day weaknesses, possibly with emphasis on preauthentication schemes
- Operational issues of relevance to running a KDC on the open internet
- (category, not necessarily a single paper) Discussion of particular enctype(s), known attacks on their ciphers/hashes, and their relevance to Kerberos
- What could "kerberos in the cloud" mean? Is there such a concept which is useful?
- Use cases for PKINIT
- Use cases for anonymous PKINIT
- Use cases for anonymous tickets (both realm-anonymous and fully-anonymous)
- Security benefits of the HTTPS KDC proxy, and how it compares to FAST armored with anonymous PKINIT