Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

If I can have honesty, it's easier to overlook mistakes. -- Kirk, "Space Seed", stardate 3141.9

devel / comp.protocols.kerberos / Re: heimdal http proxy

SubjectAuthor
o Re: heimdal http proxyCharles Hedrick

1
Re: heimdal http proxy

<mailman.6.1631399639.13452.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=132&group=comp.protocols.kerberos#132

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.pch.mit.edu!not-for-mail
From: hedr...@rutgers.edu (Charles Hedrick)
Newsgroups: comp.protocols.kerberos
Subject: Re: heimdal http proxy
Date: Sat, 11 Sep 2021 22:33:53 +0000
Organization: TNet Consulting
Lines: 39
Message-ID: <mailman.6.1631399639.13452.kerberos@mit.edu>
References: <87sfyq9qtg.fsf@hope.eyrie.org>
<58C9CD4B-C68A-4480-BFD8-29DC38D8C22A@cs.rutgers.edu>
<20210911182248.GA7118@openfortress.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="pch.mit.edu:18.7.21.50";
logging-data="27996"; mail-complaints-to="newsmaster@tnetconsulting.net"
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
To: Rick van Rein <rick@openfortress.nl>
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=AF2AvzrWP+tminZtqrYifzObndwK9YH5Eozp+/1tJivoYYAUgYjC/BLi1O8tlU71pxZ6+s1gENxU+OKrMX9g4/+BAhJVePlgJ/U6jv67p5M50ZJIy4FxIcwt0VDEtH++bg/QU+jbIs7z7wJn5ECtXqX8ra/CO0AeTXXnIt/3xZdPa6GCDg1zRSc2rl0HnAOuMPHlqH/RI4LcpdIbuxdKnIWYfXcvDNrFDFVGhM0YtrfNeelB8EOtTuMCBlvJXOZj6CuZCjHivpF50OMu9nycg9thC5agScPpnRNN4Sp1Lp9OD5Ptw22ybb4BMmuWCVRuEDpMRHj4ZfOyZD0ru4H55g==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=FhqkUI2qhFB1HH7Rr4stxHbsqjXdJVuWeeG8Vd+p33I=;
b=bzcjWjj8Ui/3gEG1YlBwHu8+wDMFcd9AU/SzzmA27xdRbI8PuFrVAA4CCROv2puPsirha3Glr+R0K66rwpNW3GhmNZ7V5NF4ablkLFaJKKfDk7WSeTGpwX42loEgF9MTRqc26qWQqqeccZpT8BF8MdF0LLvapZdgO7wiw9atJvYYJrXidpMvVW97F8UE0fhC5iThmTGGeWHhKGoUsRhQdonD+Pz9+WwtNszrjUzs6ZOzrSaEc1mPQji6PKJjeVy2VjVTYUvIJLeQNe/MNMRVLTLfy2NxPeqmyKbKXFFuMRDY0liC2ENM6jsauok31jueN0g7zIhARub/WkZXRPTAFg==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=none (sender ip is
40.107.220.133) smtp.rcpttodomain=mit.edu smtp.mailfrom=rutgers.edu;
dmarc=bestguesspass action=none header.from=rutgers.edu;
dkim=pass (signature
was verified) header.d=rutgers.edu; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=rutgers.edu] dkim=[1,1,header.d=rutgers.edu]
dmarc=[1,1,header.from=rutgers.edu])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=FhqkUI2qhFB1HH7Rr4stxHbsqjXdJVuWeeG8Vd+p33I=;
b=WY9PGEcO/8YeUOXB4defBBilppZClvCnZNDGZxWM4xT/YUjPvwKfrv9NgBb0WmYGICBU6sGDQPNhf++U9WNzL75v6OV83tr1w45SO/Pc35MhXvtQsyu+9cY5V7gxLoq7vv2C+ZMmMo2m/NqrvBot3shvVZzyEB/zUkcjuwU5upg=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=GQM5NlW5iAIN+Ue82jWWKsM5bwSqDkUar4A4RnU25mwDNtYF/sP5Ipe5NzmSexduRFmRvRIH0+j/QR+w/MbeTn9uk6aZuRtLbwOmH/wW563GDUnIo5otdMt+9sj+PFs9f5/1ELsb2Lc2ZMn5WLYIrv2kliF/I7XWMUDt+cHcstJeWBXfNoiN5xY1mtaSez/AQ+zxm2Ipy3C+sVL0d2naZBsR8BJ9CfbocT8elE+rX7f++wdTF2iUQTeC5Vuzg74D8hcAll0ogkrSJIZTtdHtFwveea9T3kQr6nc48RfB1pGUjnZWbveBV4ZvVYqY4qLrZyl8605wUmdFBrxUaLnDRQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=FhqkUI2qhFB1HH7Rr4stxHbsqjXdJVuWeeG8Vd+p33I=;
b=F0Qbq3IjpkQKvH+mOyD9KK6JNuf9iH7x6/x4p8rHSRtOQWR2SvxHCMSbpEaoG5HYNU+uUPrORekljyE7BfAUHoqyKJDD5PJ1w9F2c3Wp9b1gdUtGkNAFNuvHb2YLazaBvjDWM4zHRJD8aU0AMqnG4VC8wSItdGenTnmp/gNuPtIRe6ZmZ3dBOPmKnPmrIDZuuJ6yJEm0+LZyLis7aiv4leqW1LXACUOKF6O8XUq4jRzWShAWCN88+dtatTeQM1FR2UX7tyyhxVnFGxIDWOSYCJGqdLeU7WJhK0WUAEB+JGQiskTKzs77Xq+Fl93+s3TpISwW+exY1/3sFSdCsBTQcw==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=none (sender ip is
40.107.220.133) smtp.rcpttodomain=mit.edu smtp.mailfrom=rutgers.edu;
dmarc=bestguesspass action=none header.from=rutgers.edu;
dkim=pass (signature
was verified) header.d=rutgers.edu; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=rutgers.edu] dkim=[1,1,header.d=rutgers.edu]
dmarc=[1,1,header.from=rutgers.edu])
Authentication-Results: spf=none (sender IP is 40.107.220.133)
smtp.mailfrom=rutgers.edu; mit.edu; dkim=pass (signature was verified)
header.d=rutgers.edu;mit.edu; dmarc=bestguesspass action=none
header.from=rutgers.edu;
Received-SPF: None (protection.outlook.com: rutgers.edu does not designate
permitted sender hosts)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=NxzRnb3oalRiOXjOhNWiaFJONQ+3t48uJo+Qws0kijqSWwjSX279UqcikHKxw1HSpkoBavmsVigBKK98YJjLE2n0N6ehGGDcqDTkso4veU+lvImWLoM31+z4Ewy961+5s29ZVbLEpnIc4CUiR9yyqBDD3XIaGuyjK2R33EjZQ0mQLOh1ZYbLkAbB3rayfQF35ZmSpdYASGVYOmMsaJScfAyOT+AvSbrmw6lvtKAH02sxYGAHS8kcWnNeRKjShghKpansBTwyJTg9PhwBEdj1e/YDzmPmZEVujJG12RjwWdqxlWe664XVGJlaHfBMOft5kbXMdqQ0qPIPiteI7OzZUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=FhqkUI2qhFB1HH7Rr4stxHbsqjXdJVuWeeG8Vd+p33I=;
b=gzIwfqeuNA3HfTQBt9iwDJny5TfiEj+BIXQYmKuXiuOPCXJuxDSfc8aUNwcKfX9FQ9SmD9IAI0QvXN7BLnbsWGjTx/Hf9HcR4/4yqtcsAIVguZAMprBs2t3omCsaDNFTlql5lbv7gyVoe8GzYdraPVyWnBYX9CL4B77dnFmNeOpG5oLra2wupUu4I9RrPS0hsIOkTCnyOhmS83JL2M8gN/U7MgunVOUaGbByy3nnf/uBsUNu9z66xQi5D+XGRxV62KvizCrNKq9vpog7xo6bR2jibXQZ/u+nU7ykz1fIvO0jSeQTHg2jBOPbGSw4OhSsI9N2wuoja93Jbigiat2EtA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=rutgers.edu;
dmarc=pass action=none header.from=rutgers.edu;
dkim=pass header.d=rutgers.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rutgers.edu;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=FhqkUI2qhFB1HH7Rr4stxHbsqjXdJVuWeeG8Vd+p33I=;
b=fkLHgp+CpESa+vkDOsdOCGY0+0AbvoBll++v4Y8XoOvgj2XMgn6UXW3aQCLmIYCRIW7VGGJJkdkEciUr5kwmI1w5Q03UnO+ZN2NmiUV6CvA0Prrqpq2SsXEYGztXQ7KNrWwKR6j3MT+3X32MyO+XvDpWUWe0tY7Zd6ehdM4IB8c=
Thread-Topic: heimdal http proxy
Thread-Index: AQHXpyDTlq3JcZyFvkOkcnXIr3wvWaufJcoAgABGJ+8=
In-Reply-To: <20210911182248.GA7118@openfortress.nl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: mit.edu; dkim=none (message not signed)
header.d=none; mit.edu; dmarc=none action=none header.from=rutgers.edu;
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: 3b0dd1e8-aa40-4c21-b47e-08d975743d32
x-ms-traffictypediagnostic: MN2PR14MB4110:|MW2PR0102MB3370:
X-Microsoft-Antispam-PRVS: <MW2PR0102MB337025860B8AA7EC1732848DAAD79@MW2PR0102MB3370.prod.exchangelabs.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: paO+yi22bnNRUNreRj3RUKFVd9vouYqQe3FnIzG9U8ouJL9SIoqON01fjvfiAMkMDCBPpPoZizYl6jToUXogxTbECGqV6wgtrPPH6TzVEwSn3Qe0h+rLcGXDQ1/JCEz1OBFLX3/p4Jw+gU/4Jxt7N/Q5zCkAPGFzPB8pQ+QgvytZnVEzAmC0azkffgEilHgiDnDO2S75XopNOemVf3j1SffkldiL1VJ5QSsXw/7ZNVlqY9fiy3HJXsg2OreBR3zSbvgMxTp8ypZA/yqp2VnPv0btIFpB+bOyiY+yD5I1WE4ousQZDrL2xWKZ7LCTPD5YpKi9Pqi2TbsYnFyy2HTVVlgp2DXUhOZPP/qPdcUqWIX8wNziZszVhb0NRBLFLQiPl5u1Z0a57LoKzWkRNZJmryJ/HtwajM4+0bH0sNPN1Wv0XXbiXTIfsy+Cs1UPKJVhoVt8IvwA9a/rzFrovw0kZ32Xm47pTirQxCYbAd7wQWVilU10dfnnCqXztQM1/9AFl4u68Cm5StlAdjQRUpmj1pB4DQAOaIXPELwqZUPiTlJtJMu8FJykuFp+U2WERXxb3VJET5bW3f88MvrdU3A+M3sgHhWePFF3hwxeSXLdgqxsde4wi4Hw38jPTwpF2KxBE23Nic5/F58xvZHsOFoRifjY6l7ewlvM6037PTO9NrPX/aHjpqMqnlRhOmK3ltbLa6RI8mlw+GfcSWTI5KRvZ9uvn+vHFxhTbSBFPp5uuC45TRaHav1ebCf622KM8DJ2474KiY4F+MMjq//8yvCt4TqdEe9YI+5THhmmW0p2B9lRLWhUqYClwB9Fvt6dDn9o
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM;
H:BL0PR14MB3588.namprd14.prod.outlook.com; PTR:; CAT:NONE;
SFS:(4636009)(396003)(346002)(366004)(39850400004)(136003)(376002)(3480700007)(2906002)(186003)(7116003)(4326008)(2616005)(38070700005)(36756003)(5660300002)(76116006)(966005)(8676002)(122000001)(38100700002)(71200400001)(53546011)(83380400001)(33656002)(66446008)(66556008)(64756008)(66476007)(66946007)(8936002)(6506007)(86362001)(316002)(6486002)(6916009)(75432002)(478600001)(6512007)(26005)(45980500001);
DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: o0zAw5wqh5DHtDSzcP49RSad5SvKWtklHpbbe3J+foFuq
efjoPtQFHxpM53jNpCxalLBt/lUd9VC0QbC+fpKUQBr6/
aT4EpLQTw2e6eTQ70slvQnp9HpgekcD2ewLqtZPY6q1DC
HNniiLiOwYNNuC+qJYfbkThVf1flvd1GN9RYKKGtm6hIt
m3aKWSsHZ6TK6AFqctt2GZFmhplAirpZKGmSGY6sNJNVh
IOOTWxbAmBeU1izjLa7uU4GC08SjBKsMfeQU0jyzdByFS
LxJ+dgdC8InLsFTZQo3slSjCf2v9aOezPu1u0qPuUWtp7
mQh9assVeDkT1uXWr91Pla5JeNO9FloNXEd1rJlNYbmpi
gs2iu75XQOjJbcHsArIkEY+vGswZczjQdPlXsQxunE79G
6CneeVRt/UR6rmemyNO4db0UXMErk4/zcTcq2kUXiFc9o
m2AVEpatvdDU4VW11Qu65XYsHSVC2etYOe3SxMmlVVOPm
rY56p+vuyqy3fWsBV5TkdfNyXBrpBZWZJEjwiXW5R89EN
9PEoKWBW7u3xa4pNcnHY2R1vCi+ToFix5zSOIT/LEpB2+
XT57w1ImyMqUcEjvkZ32c9H93O2ofj8wOvkz3Dpotirl6
3JT0RscizcoRivcXhoDaz2u7SnEQ22k8h6c8dKHv1hIeN
YlnlG51NGPKE3xfCFfbRw3W5HIk/EZiSCxQk4GjPRej2+
mYPs5nJ4OOJcrFe9h6D2G0lRJn6YGzz/GLjo8JG5HBtRu
3VD6zdx7mh0f1k89XfJbcQV/oKmByI1FsTV+/5QypEnyZ
hmRcHoR6T13mrHgXkHGhTI+P2UTGzTv1u7ODPkRPmnWax
sjYrKTQcfJH7thIzItMYkvf7M8pjDYch0Z3w8HQxi9TeS
iJz+9KQ0/mdWdRV0CKw0f4PgFhlZ0ZFR+/vRo+ggCVYjY
tqNa6gbnk6bN29reu5537HpBUvRhBcb/tEWSpbxQn/Psm
2xHd93+/EuCvoe1sTS5gcp3npoI3wzpZh4z6S41tw3LWx
KTxAGsSZ/hTX8Q4PT7nqlEhIGU8LtkqfyMsV+nRklCukI
axM77mwzdHfDS9T61HEr1fWOwVbL/TUIIon0ZIT/6EOZ/
oDOPzHZ7Sch1JVmEbxxhaLdCX5ixK7l/XRYcu9CVe7wXG
40FT475xgfporliKvL3eBVNCZZsQK8K7IWCQCk+L4zO1a
wGZISmmigL8kBibbdSMTO1ng7Bi8kNKXG6A0UrqjrDwpX
tWaRzFJfjLn9hGgkX5tTJfWUYwubX7eEF8TFyBYKtDv8z
NpHEoOHYdaqNprNcy/7SPOFzv//RRZAVmc1GtuU
x-ms-exchange-transport-forked: True
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR14MB4110
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: BN8NAM11FT004.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: BN8NAM11FT004.eop-nam11.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 122fd578-7d80-40b6-bdfa-08d975743c34
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: imOA4y6OK8k0Ra47WKz/OfvtPAaTDPzpADq2bgT8XXCPnshLeTIWfwd+HVo4JuSdT+xt099UmEiR52FN1fBhDLSXV3cQcboFov1yHd4twkmLfn3yqh+WKjOVtZoM41LxCvfx9tWvnVvJ9IRg+BC2nbXd0sfv15fXuGh/I1TQH1Uc29tKNmQQmUawMwsL15DxEdBXYqcnDdBvq2ZnG0UjV2O7MJjAc1SdZ6jx/Qw7MX9wEq65XweXpiZ+VU86OQ4Z25a12b5+aPLnD+8FAvAuvbfM+wJY+ZtUA94x9GZeFmB9Qw7cLITwoYkpKgu5av20AC5Zlb771fWW4weh4+ZEq+hBdnTAqcFSYS0r7ShXxz7CTmNSyJdhBD5+evneFyBCa0rp5znLRJY4RGObUfF4wKZIAAT4rvSAh9C+ioq+deeQPlRTobZOuA3knA6k57RRMy6Geo+gcHg5gKeMI3juiXBdDuFFtoolsQmFv99YlNSXp8fk5HzkZIAN6fhIL7bgTpF7EpZZr+fSi1yxWOH6RUZy8RxPOaaFsxcoqCYqMHHLWBxwltgkwPbS5tKaUkJnce/IF5nRFTGHVkY/ulYz3lobl4qF/vtJGFQl9fzrMgHomQtV43ZwOI504sYxLLph9xFlTYMLwtzHAzYYUxWW/njZLORWfsiE/ikNmGUK12KDsDeltqUluNXM6/Y6C5Hwwvyql3f+SfNDJx3EmIf1Ku6xzpgbRU/e9T094hfcbrCullYCWjg1xSlABY2DeLMl
X-Forefront-Antispam-Report: CIP:40.107.220.133; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM;
H:NAM11-CO1-obe.outbound.protection.outlook.com;
PTR:mail-co1nam11on2133.outbound.protection.outlook.com;
CAT:NONE;
SFS:(4636009)(39850400004)(136003)(346002)(396003)(376002)(36756003)(53546011)(966005)(26005)(6506007)(6486002)(2906002)(83310400002)(83280400002)(83320400002)(316002)(86362001)(2616005)(8676002)(336012)(83300400002)(83290400002)(36906005)(70586007)(6862004)(3480700007)(7116003)(5660300002)(4326008)(68406010)(498600001)(7636003)(33656002)(75432002)(356005)(83380400001)(6512007)(45980500001);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Sep 2021 22:33:55.0736 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 3b0dd1e8-aa40-4c21-b47e-08d975743d32
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT004.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR0102MB3370
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MIME-Autoconverted: from base64 to 8bit by PCH.mit.edu id 18BMXwvK004775
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
 by: Charles Hedrick - Sat, 11 Sep 2021 22:33 UTC

Another use case is getting tickets for Mac users. We have a few users that ssh into enough different hosts that they want to use kerberized ssh. Unless we open port 88 to the outside, they have to install Mac ports and use the MIT kinit. While it seems simple to me, it’s not for real users. If they could point Heimdal to a proxy I think it would be easier to support. It won’t work for two factor, since Apples Heimdal kinit doesn’t support that, but most of users don’t use two factors, just privileged users.

The easier solution would be for Apple to move to MIT, but I have no way to make that happen.

> On Sep 11, 2021, at 2:22 PM, Rick van Rein <rick@openfortress.nl> wrote:
>
> Hello Charles,
>
>> I???d like to be able to use Kerberos SPNEGO at home. Unfortunately the Mac uses Heimdal.
>
> SPNEGO has really a low security level. I am surprised this is considered
> acceptable for a https proxy.
>
> We are working on two better solutions, with software that classifies only
> little over "proof of concept'.
>
> - TLS-KDH to integrate Kerberos authentication with ECDH encryption;
> this combination is in fact Quantum Proof
>
> https://datatracker.ietf.org/doc/html/draft-vanrein-tls-kdh
>
> - HTTP-SASL integrates SASL as a HTTP authentication mechanism, and this
> is meant to allow Kerberos as well. In contrast with SPNEGO, it would
> be possible to require Channel Binding (at least to the webserver _name_).
>
> https://datatracker.ietf.org/doc/html/draft-vanrein-httpauth-sasl
>
>
> Take note: These have not even been proposed on this list, simply due to
> lack of time to actively discuss it (been mostly occupied with this and
> related implementations). So at best this could be a future opportunity.
> Still, your usecase may help to propell the work forward, so please share
> if this would be helpful for your situation. You may want to pass this
> by your sysadmin too.
>
>
> Cheers,
> -Rick

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor