Path: utzoo!attcan!uunet!lll-winken!csd4.milw.wisc.edu!bionet!agate!ucbvax!decwrl!shelby!JUNE.CS.WASHINGTON.EDU!bcn
From: bcn@JUNE.CS.WASHINGTON.EDU (Clifford Neuman)
Newsgroups: comp.protocols.kerberos
Subject: session key for broadcast service -- how?
Message-ID: <8905010307.AA02187@june.cs.washington.edu>
Date: 1 May 89 03:07:28 GMT
References: <8904251345.AA09920@MSR.EPM.ORNL.GOV>
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 16


   Date: Tue, 25 Apr 89 09:45:21 EDT
   From: dunigan@MSR.EPM.ORNL.GOV (Tom Dunigan 576-2522)

   is there a mechansim for a "broadcast server" to request a session
   key, and then have clients be able to request that same session key
   so they can verify the "safe" messages from the broadcast server?

Are the clients trusted?  If not, then this scenario requires public
key cryptography since all the clients will know the key.  If you
trust all the clients and can accept each client having the ability to
impersonate the server, then all that is needed is a way to generate
multiple tickets containing a common session key.  Allowing this is
under consideration.

	~ Cliff