Network security via private-key certificates
ACM SIGOPS Operating Systems Review
The official PGP user's guide
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Kerberos security with clocks adrift
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Cert'eM: Certification System Based on Electronic Mail Service Structure
Proceedings of the International Exhibition and Congress on Secure Networking - CQRE (Secure) '99
Distributed Authentication in Kerberos Using Public Key Cryptography
SNDSS '97 Proceedings of the 1997 Symposium on Network and Distributed System Security
Compliance defects in public-key cryptography
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
The performance of public key-based authentication protocols
NSS'12 Proceedings of the 6th international conference on Network and System Security
Hi-index | 0.00 |
We show how to use Kerberos to enable its clients to interact securely with non-Kerberized World Wide Web servers. That is, our protocol does not require that the Web server be a member of a Kerberos realm, and also does not rely on time-synchronization between the participants. In our protocol, the Kerberos client uses the Web server's public-key certificate to gain cryptographic credentials that conform to public-key authentication standards, and to SHTTP. The client does not perform any public-key encryptions. Further, the client is well-protected from a man-in-the-middle attack that weakens SSL. Our protocol conforms to the current specifications for the Kerberos protocol and for the Secure Hypertext Transfer Protocol.