Kerberos - Enough Already

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Datawolfdatawolf@ibm.net
Date:  
Subject: Kerberos - Enough Already
Mike Sheldon wrote:
>
> OK, maybe FUD is a bit strong. However, I see a definite trend where
> anything negative said about M$ is taken as absolute gospel, without
> checking the validity of the statement. This is very much the same
> accusations that the community makes of M$ themselves.


Micro$oft's record doesn't exactly lend them credibility.

> If someone was to go into that presentation spouting off about how M$'s
> Kerberos implementation was breaking standards, they'd likely have been
> severely embarrased, and would definitely have IMPROVED M$'s standing.


But if someone went in well informed about the issue, and what
Micro$oft's responses would be, it could be very entertaining.

> The ONLY thing that Clifford Neuman criticised about M$'s implemetation of
> Kerberos was their lack of public documentation, which M$ has recently
> addressed. The conditions under which they have released it are really the
> only thing left to bitch about.


I don't think you can exactly call it "public documentation", as
Micro$oft is threatening to sue slashdot for having the docs posted in
the discussion lists. And since it's considered a "trade secret",
nobody else can implement it.

And just because Clifford Neuman didn't criticize them much, doesn't
mean it's not a bad implementation. According to the article the Wolf
mentioned at
http://www.thestandard.com/article/display/0,1151,14996,00.html other
members of the Kerberos team criticized Micro$oft harshly:

"They don't want anyone competing against them,"
says Paul Hill, co-leader of the Kerberos team at
MIT, where the security standard was developed.
"It's typical Microsoft behavior."

Embrace, extend, extinguish.

> As in programming, facts are either true or false, and all facts are false
> until PROVEN true.


No fact that is true would be false, just because people weren't sure
which it was.

> I hate being in the position of defending M$.


Give it up, Mike. I'm convinced it can't be done. ;-)

-BVG