When comparing SSL with other peer protocols like kerberos many issues comes into notice:

Advantage of SSL over Kerberos :
1) It doesn't require an accessible trusted third party.

2) It can be used to establish a secure connection even when one end of the connection doesn't have a "secret". As we know client authentication can be done by digital certifications or just a username and password. It depends how the server is implemented. That is why client authentication is optional.

Disadvantages :
1) If a Verisign certificate issued to a user is compromised and must be revoked, how will all the servers with whom that user interacts know that the certificate is no longer valid. Either revocation certificates have to be circulated to all relevant servers and cached for a long time, or servers have to verify incoming user certificates against a "revocation server."

2) If I'm issued a Verisign certificate, it has to live on my hard disk. It may be encrypted there such that I have to unlock it with a password before I can use it, but it's still on the hard disk and therefore vulnerable to cracking attacks.

3) Implement a new authentication technology for SSL, will lead to a new versions of all my SSL-capable applications, which is a bit complicated and time consuming.