From: @ulysses.att.com:mischu@allegra.att.com
To: kerberos@ATHENA.MIT.EDU, krb-protocol@ATHENA.MIT.EDU,
Cc: mischu@allegra.att.com
Reply-To: smb@ulysses.att.com, mischu@allegra.att.com
Date: Fri, 13 Jul 90 09:49:18 EDT

Michael Merritt and I have a paper on the limitations of Kerberos,
which has been submitted to Computer Communications Review.  A draft,
in PostScript, is available for anonymous ftp from inet.att.com
(192.20.225.2) in ~ftp/dist/kerblimit.ps.


		--Steve Bellovin
		smb@ulysses.att.com


Abstract:
	The Kerberos authentication system, a part of MIT's Project
	Athena, has been adopted by other organizations.  Despite
	Kerberos's many strengths, it has a number of limitations and
	some weaknesses.  Some are due to specifics of the MIT
	environment; others represent deficiencies in the protocol
	design.  We discuss a number of such problems, and present
	solutions to some of them.  We also demonstrate how
	special-purpose cryptographic hardware may be needed in some
	cases.