Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!unixhub!shelby!MIT.EDU!jis
From: jis@MIT.EDU (Jeffrey I. Schiller)
Newsgroups: comp.protocols.kerberos
Subject: Re: Future of Kerberos and Vendor support
Message-ID: <9102190350.AA20892@osiris.MIT.EDU>
Date: 19 Feb 91 03:50:18 GMT
References: <368@aplcomm.JHUAPL.EDU>
Sender: jis@ATHENA.MIT.EDU
Organization: Internet-USENET Gateway at Stanford University
Lines: 34


	DEC will be offering an authentication system which I believe
will be called "SPX" (formerly known as Sphinx).  SPX is not Kerberos
with RSA added. It is a separate system which is based on RSA Public
Key Encryption.

	SPX offers a lot of the same features of Kerberos, but is not
a Kerberos spinoff.

	The good news is that the SPX developers and the Kerberos
developers have been in touch with each other. Our hope is to offer a
generic application programmer's interface (Generic API) that will
work with either SPX or Kerberos.  This would also support the linking
of applications so as to allow them to operate in either an SPX or
Kerberos environment.

	We have also begun preliminary internal discussions on how to
integrate public key technology directly into Kerberos. For now this
is a back burner project at MIT (V5 needs to get out the door!).

      ... Can
   anyone comment on what I can expect to see in the future in the
   Kerberos arena.  Will we ever be able to use Kerberos in our large
   heterogeneous network?

Expect to see Kerberos enhanced to support Public Key at some point.
Ideally I would hope to see the Kerberos and SPX technologies merged
into one comprehensive (and compatible) system. How we do this, I
don't rightly know... but I think it is in everyone's interest. [Note:
I *do* expect to see the Generic API mentioned above, getting the
protocols themselves to interact is a tougher goal, and is what I am
referring to in this paragraph.]

			-Jeff