Re: Kerberos authentication for X-Mosaic 2.4 and NCSA HTTPD


Jeff writeth:-
>it also would let the distribution channel concentrate on which
>security modules are necessary/legal for a particular end-user.
>a free-with-copyright browser could still exist and be distributed
>on the net -- security-enabled, but with no plug-ins provided.

I think we can enable at least some plug-ins, such as DES for starters and
SQModn hashes. Personally I'd like to base everything on MD5 but that has
commercial restrictivities :-(

The security stuff has to be open though because many sites will want to slot
in their own routines - e.g. NSA, MI5, White House, PEI etc.

One of the latest bits I have been working on is an entirely symmetric key based
auth system. As previously mentioned I use a Digest function to provide symmetric
key authorisation. I am thinking about extending this to use the password to
encrypt the body of the messages as well.

This would mean that there would be an entirely PD browser with strong
authentication and encryption (well DES at any rate :-) with no patent hassles.

Given that the security, though adequate for ATM transactions, is a four character
password taken from an alphabet of 10 characters I think this should have some

In any case RSA is too slow to be useful for a large number of apps. My current
thinking is to use RSA pubkey for key distribution and then use symmetric keys
for each transaction. For campus and company type security this seems a good

Phill H-B.

PS: If there is anyone there with a CD-ROM server for Usenet, I have urgent need
to track down a few posts in connection with some legal proceedings.
