[67] in Kerberos
unimplemented features
jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:21:57 1987
From spm@ATHENA.MIT.EDU Tue Sep 2 21:03:56 1986
From: Steve Miller <spm@ATHENA.MIT.EDU>
Date: Tue, 2 Sep 86 21:00:51 EDT
To: kerberos
Subject: unimplemented features
Last I checked, there were two unimplemented features relating to
the protocol. The first is guaranteed replay detection. This requires
stable storage at the servers, and can be a significant performance hit.
When implemented, its use should be optional, reserved for applications
where detecting all replays is very important, e.g. cash machines.
Without the stable store, certain types of replays cannot be detected.
The second feature is the mutual authentication option. Again, this is
critical when you dont want to surrender the family jewels until you are
sure that the bank is the bank. It involves implementing a protocl message,
and modifying the interface and code to support it.
I would suggest adding these two features after the current functionality has
survived some considerable large scale use.
