Path: utzoo!attcan!uunet!mcvax!ukc!cam-cl!lg
From: lg@cl.cam.ac.uk (Li GONG)
Newsgroups: comp.protocols.kerberos
Subject: Re: Distinguishing "users" and "services"
Message-ID: <733@scaup.cl.cam.ac.uk>
Date: 18 May 89 21:14:06 GMT
References: <8905081836.AA05625@LYCUS.MIT.EDU>
Sender: news@cl.cam.ac.uk
Reply-To: lg@cl.cam.ac.uk (Li GONG)
Organization: University of Cambridge Computer Laboratory, England.
Lines: 17

Here I'd like to add another reason why I consider distinguishing "users"
and "services" is useful.

In a recent work at our Lab, a notion of "verifiable-plaintext attacks"
was recognised.  We proposed a fix using public-key system in one direction,
the initial messages from client A and B to server S.

If B is a server which has a well-chosen key shared with S, there is no need
to use public-key system between B and S.  Also the configuration of the
authentication protocol (the order of messages) can be different which may
make the protocol cheaper.  Just simple as that.
____________________________________________________________________________
| Li GONG (+44223-334650)     University of Cambridge, Computer Laboratory |
|                             Pembroke Street, Cambridge CB2 3QG, England  |
| InterNet/CSnet : lg%cl.cam.ac.uk@cunyvm.cuny.edu  (or @nss.cs.ucl.ac.uk) |
| UUCP : ...!ukc!nss.cs.ucl.ac.uk!cam-cl!lg   Bitnet/EAN : lg%cl.cam@ac.uk |
----------------------------------------------------------------------------