I'll add that it's really shocking that we don't yet have PKCROSS. Lack of PKCROSS greatly hurts Kerberos' scalability.
Also, Kerberos w/ PKCROSS is much closer to something like what PKI should have been: short-lived credentials, no need for revocation protocols (CRLs, OCSP). Nico -- ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
