Kerberos’ Stateless Model

TGS does not send {Kc,s}Ks to S directly. Instead, TGS sends {Tc,s}Ks, with Tc,s containing Kc,s, to C and let C forward it to S
- Otherwise, S would need to keep state, i.e., keep received Kc,s around, and this would complicate implementation
In general, servers do not talk to each other directly. Clients initialize transactions and complete them
This stateless model is simple and elegant

TGS does not send {Kc,s}Ks to S directly. Instead, TGS sends {Tc,s}Ks, with Tc,s containing Kc,s, to C and let C forward it to S