Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) by krbdev.mit.edu (8.12.9) with ESMTP id l9IKfUHW025109; Thu, 18 Oct 2007 16:41:30 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 545604A45; Thu, 18 Oct 2007 16:41:25 -0400 (EDT)
From: Sam Hartman
To: rt@krbdev.mit.edu
CC: undisclosed-recipients:;undisclosed-recipients:;@MIT.EDU
Subject: Re: [krbdev.mit.edu #5821] REQ: in-registry keytab support
References:
Date: Thu, 18 Oct 2007 16:41:25 -0400
In-Reply-To: (Christopher D. Clausen's message of "Tue, 16 Oct 2007 00:03:21 -0400 (EDT)")
Message-ID:
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
RT-Send-Cc:
X-RT-Original-Encoding: us-ascii
Content-Length: 711

Hi.

I'm concerned about a mechanism that makes it this easy to reuse keys. Your example of a cluster of web servers using HTTP/clustername is OK; that's a case where you need to reuse keys. However, many of the other examples are cases where reusing keys would significantly harm security. The AFS case is particularly alarming. Pushing out the same key for anonymous cell access would decrease security by allowing anyone with this key to impersonate the cell.

I'm also concerned about whether group policy has the appropriate confidentiality protection for this use. How is group policy pushed to a machine? Is it encrypted in transit? Can a machine find out the group policy of someone else?

--Sam