- From: Mountie Lee <mountie.lee@mw2.or.kr>
- Date: Fri, 9 Nov 2012 10:20:05 +0900
- To: Thomas Hardjono <hardjono@mit.edu>
- Cc: Ryan Sleevi <sleevi@google.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CAE-+aYKTuev5kqH0wA-UnubYtXp17hHu_YBXbaKGzmk15bWcJg@mail.gmail.com>
Kerberos is used normally in private/closed network. AD joined network is one of the examples of private network. what can we do with kerberos feature implemented in browser level under open network? On Fri, Nov 9, 2012 at 1:36 AM, Thomas Hardjono <hardjono@mit.edu> wrote: > > > From: mountie@paygate.net [mailto:mountie@paygate.net] On Behalf Of > > Mountie Lee > > Sent: Tuesday, November 06, 2012 7:54 PM > > To: Ryan Sleevi > > Cc: Thomas Hardjono; Harry Halpin; David Dahl; arun@mozilla.com; > > public-webcrypto@w3.org > > Subject: Re: Adding Kerberos use-case > > > > kerberos depends on that the time is correct in client and server > > both. > > my concern is > > any vulnerabilities can be exposed because of different time between > > browser and server. > > > > regards > > Mountie > > Hi Mountie, > > There is a parameter in the admin config to set the > tolerable skew time between the client and server. > Having short life-time tickets minimizes the chances > of successful replay attacks. > > FYI Kerberos is used in over 60% of medium-large Enterprises, > due largely to Microsoft Windows (starting in Win2K onwards) > and Active Directory. The MIT code base is used in many > Enterprises for back-end server authentication. > > So Kerberos is a well understood and well-deployed protocol > (been around over 25 years). > > Thanks. > > /thomas/ > > > > > > > > > > > -- Mountie Lee PayGate CTO, CISSP Tel : +82 2 2140 2700 E-Mail : mountie@paygate.net ======================================= PayGate Inc. THE STANDARD FOR ONLINE PAYMENT for Korea, Japan, China, and the World
Received on Friday, 9 November 2012 01:20:50 UTC