Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!mailrus!cs.utexas.edu!usc!wuarchive!decwrl!shelby!ATHENA.MIT.EDU!tytso
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
Newsgroups: comp.protocols.kerberos
Subject: Re: costs of kerberos and X.500
Message-ID: <8912182127.AA17245@STEVE-DALLAS.MIT.EDU>
Date: 18 Dec 89 21:27:19 GMT
References: <891218121403.22200126@CCC.NMFECC.GOV>
Sender: daemon@shelby.Stanford.EDU
Reply-To: tytso@ATHENA.MIT.EDU
Organization: The Internet
Lines: 19


   Date: 	  Mon, 18 Dec 89 12:14:03 PST
   From: NESSETT@CCC.NMFECC.GOV
   Comment: From NESSETT@CCC.MFENET on December 18, 1989 at 12:14 PST

   Even a margin cost argument must take into account the impact of decreased
   interoperability when a non-standard authentication mechanism is employed.
   Given that the certificate approach has major technical advantages.....

This may not be the right list to be debating the pro's and con's of the
certificate approach; if so, please respond via personal mail.  However,
I don't see how it's obvious that the certificate approach has ``major
technical advantages.''  For example, Jeff's point that Kerberos
provides a much easier way to revoke authentication privileges --- just
chage the password!

Could you detail the ``obvious technical advantages''?  Thanks!

						- Ted