What are the advantages/disadvantages of Kerberos vs. SSL?
In brief, the question seems to be, “What does Kerberos give me that SSL doesn’t?” That question is a specific case of the general question, “What are the advantages and disadvantages of a private-key, trusted-third-party authentication system vs. a public-key, certificate-based authentication system?”

As I see it, SSL has two major advantages over Kerberos: (1) It doesn’t require an accessible trusted third party; (2) it can be used to establish a secure connection even when one end of the connection doesn’t have a “secret” (a.k.a. “key” or “password”). These two advantages make it ideal for secured Web communication and for similar applications where there is a large user base which is not known in advance.

[ Here are some disadvantages of SSL: ]

1) Key revocation. If a Verisign certificate issued to a user is compromised and must be revoked, how will all the servers with whom that user interacts know that the certificate is no longer valid?
From: Jonathan Kamens