In the Kerberos authentication protocol, as described here:
would it be safer to replace step (1) with:
$$ A \rightarrow T : A, E_{K_A{_{T}}}(B, N_A) $$
so that a passive adversary does not know the identity of party B with which A wishes to communicate?
Or even add an extra layer of security by encrypting the whole message with a globally distributed symmetric key:
$$ K_G $$ thus message (1) becoming: $$ A \rightarrow T : E_{K_G}(A, B, N_A) $$
where KG is a global key shared with all potential clients, and the trusted third party T decrypts any incoming request with this key; it assumes that all inbound ciphertexts are initially encrypted once with the respective key.
