Projects/White Papers

From K5Wiki
Jump to: navigation, search
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.


To codify in a single place assembled knowledge about the architecture of Kerberos, design considerations/assumptions and how these are present/different in real-world-environments, best practice for operational issues regarding Kerberos, and more.

Summary of topics

List here topics or potential topics for white papers. Individual papers may have an outline fleshed out as a separate section.

  • Revisiting the design assumptions that went into Kerberos' creation and analyzing their current validity
  • Revisiting the Kerberos threat model (from Kerberos' creation) and analyzing present-day weaknesses, possibly with emphasis on preauthentication schemes
  • Operational issues of relevance to running a KDC on the open internet
  • (category, not necessarily a single paper) Discussion of particular enctype(s), known attacks on their ciphers/hashes, and their relevance to Kerberos
  • What could "kerberos in the cloud" mean? Is there such a concept which is useful?
  • Use cases for PKINIT
  • Use cases for anonymous PKINIT
  • Use cases for anonymous tickets (both realm-anonymous and fully-anonymous)
  • Security benefits of the https proxy, and how it compares to FAST with anonmyous PKINIT