"Interoperation of Kerberos with Public-Key Cryptography,"
Donald Davis, SystemExperts Corporation, 1995, 10 pp.

This abstract is not for redistribution, any use of it must include any and all reference (bibliography) information, and all rights are owned by SystemExperts Corporation.

Abstract

This article discusses several ways in which RSA public-key encryption can usefully be integrated into Kerberos. Our description will emphasize advantages for administration, performance, and security that can be gained with such a hybrid system. We will avoid low-level details whenever possible. Few of the integrated protocols we describe have been built, but all of them require little or no change to the Kerberos protocol. In overview, we will first give some background about the Kerberos and RSA security systems. Following sections will describe:

• Integration schemes that offer user visible performance benefits
• Administration improvements through the use of Kerberos and RSA
• Integration schemes that improve security features of the two systems

Finally, an appendix compares the performance, administrative, and security features of the two systems, in their pure forms.

Table of Contents

• Introduction and Overview
• Background
• Performance Benefits
  • Krb client, RSA Application Server
  • RSA client, Kerberized Application Server
  • NetBill, an Imperfect Hybrid
• Administrative Benefits
  • Kerberos Inter-Realm via RSA
  • Kerberized Certificate Signer
  • Kerberized Secret-Key Management
  • Security Features
  • Signature Translation Service
• Conclusion
• Appendix: Comparison of Features
• Bibliography