Difference between revisions of "Projects/White Papers"
From K5Wiki
(Project page for tracking white paper ideas) |
(→Summary of topics) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 14: | Line 14: | ||
* Operational issues of relevance to running a KDC on the open internet |
* Operational issues of relevance to running a KDC on the open internet |
||
* (category, not necessarily a single paper) Discussion of particular enctype(s), known attacks on their ciphers/hashes, and their relevance to Kerberos |
* (category, not necessarily a single paper) Discussion of particular enctype(s), known attacks on their ciphers/hashes, and their relevance to Kerberos |
||
+ | * What could "kerberos in the cloud" mean? Is there such a concept which is useful? |
||
+ | * Use cases for PKINIT |
||
+ | * Use cases for anonymous PKINIT |
||
+ | * Use cases for anonymous tickets (both realm-anonymous and fully-anonymous) |
||
+ | * Security benefits of the https proxy, and how it compares to FAST with anonmyous PKINIT |
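Review bot: the last added bullet misspells "anonymous" as "anonmyous" in "FAST with anonmyous PKINIT"; correct it so the term matches the two "anonymous PKINIT" and "anonymous tickets" bullets added just above it. In the first added bullet, "kerberos in the cloud" is lowercase while every other line on the page writes "Kerberos"; capitalize it for consistency. The https proxy bullet would also benefit from saying which proxy is meant, since nothing else in the visible text introduces it.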
Latest revision as of 12:25, 12 December 2013
This is an early-stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
Purpose
To codify in a single place the assembled knowledge about the architecture of Kerberos, its design considerations and assumptions and how these hold or differ in real-world environments, best practice for operational issues regarding Kerberos, and more.
Summary of topics
List here topics or potential topics for white papers. Individual papers may have an outline fleshed out as a separate section.
- Revisiting the design assumptions that went into Kerberos' creation and analyzing their current validity
- Revisiting the Kerberos threat model (from Kerberos' creation) and analyzing present-day weaknesses, possibly with emphasis on preauthentication schemes
- Operational issues of relevance to running a KDC on the open internet
- (category, not necessarily a single paper) Discussion of particular enctype(s), known attacks on their ciphers/hashes, and their relevance to Kerberos
- What could "Kerberos in the cloud" mean? Is there such a concept which is useful?
- Use cases for PKINIT
- Use cases for anonymous PKINIT
- Use cases for anonymous tickets (both realm-anonymous and fully-anonymous)
- Security benefits of the https proxy, and how it compares to FAST with anonymous PKINIT