Path: utzoo!attcan!uunet!husc6!bbn!csd4.milw.wisc.edu!bionet!agate!ucbvax!decwrl!shelby!UMD2.UMD.EDU!ZBEN
From: ZBEN@UMD2.UMD.EDU (Ben Cranston)
Newsgroups: comp.protocols.kerberos
Subject: using kerberos for secure mail
Message-ID:
Date: 30 Mar 89 23:36:44 GMT
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 18

I have been looking at the Davis and Swick paper with an eye to using the Kerberos protocols (or an extension of same) to generate encryption keys for secured mail messages.

I see how their scheme could be used as stands to generate a user-to-user session key, but this would require that both the sender and receiver have valid TGS keys (i.e. actually be signed on). I would like to design a scheme under which the receiver would generate some cookie and transfer it to the sender, who could then generate encrypted messages autonomously.

I have also done a paper on using (an extension to) Kerberos to generate digital signatures (basically sealing a checksum for the user). Since both of these schemes touch upon the idea of session keys (tickets) that last longer than the 8 hours or so of a maximal workstation session, they are somewhat related.

If anybody is currently working in this area or has good ideas I would like to know about it.

(But, but, but it's MY wheel! And, and, and it's just big enough to reach the ground! :-)