undefined | Better HN

0 pointsszc8y ago0 comments

I designed and implemented quite lot of the LocalKDC mechanism - um, roughly about 11-12 years ago now I think. At the time it was based on the MIT version of Kerberos. When Apple switched to using Heimdal, the LocalKDC implementation was updated and it has been maintained since then - I am no longer the maintainer of this software. I haven't cashed out.

As to why the LocalKDC exists? How can you do secure peer-to-peer authentication without relying on some sort of global (and broken) or private PKI infrastructure? SRP wasn't an option at the time.

I am sorry you are upset. Apple is really, really serious about protecting customer data. I encourage the reading of the Apple iOS Security Guide - it describes hardware and software techniques used to protect your data. There is also the 2016 Blackhat presentation by Ivan Krstic that gives more insight into the Secure Enclave.

0 comments

Spooky238y ago

Thanks for replying. Sorry if I was throwing too much vitriol and no personal affront was intended.

I had a real bad day yesterday... my customers were freaking out about this particular issue. I recall doing some enterprise Mac rollouts back in the Tiger days and you'd see alot of changes as support for things like AD evolved.

Apple has really good communications and documentation around iOS, which comes through in the iOS Security Guide, which is probably one of the best examples of that type of documentation. That hasn't been the case with MacOS, and its mysterious evolution, which feels pretty capricious from a customer POV at times. End of the day, I get paid to turn money + labor into answers to business problems -- Mac has turned into a wildcard for me, which saddens me as I love the platform.

LoSboccacc8y ago

> Apple iOS Security Guide

that goes perfectly with the trending feeling that iOS gets all the love while OSX sits on the back burner.

szcOP8y ago

I personally see that the mac is getting lots and lots of love! Not my place to say more than that.

I pointed to this resource due to the concern expressed about iOS.

j / k navigate · click thread line to collapse