From: Nico Williams
Newsgroups: comp.protocols.kerberos
Subject: Re: interested in discussing some Kerberos improvements
Date: Thu, 26 Mar 2026 15:29:48 -0500
To: Geoffrey Thorpe
Cc: kerberos@mit.edu

I should add that, yes, I think every KDC implementation should adopt
innovations from Heimdal -- it's not to flatter us; it's that those are
highly worthwhile, especially the ones you noted.

Nico