Kerberos - Enough Already

Datawolf datawolf@ibm.net
Thu, 11 May 2000 22:42:02 -0700


Mike Sheldon wrote:
> 
> OK, maybe FUD is a bit strong. However, I see a definite trend where
> anything negative said about M$ is taken as absolute gospel, without
> checking the validity of the statement. This is very much the same
> accusations that the community makes of M$ themselves.

Micro$oft's record doesn't exactly lend them credibility.

> If someone was to go into that presentation spouting off about how M$'s
> Kerberos implementation was breaking standards, they'd likely have been
> severely embarrassed, and would definitely have IMPROVED M$'s standing.

But if someone went in well informed about the issue, and what
Micro$oft's responses would be, it could be very entertaining.

> The ONLY thing that Clifford Neuman criticised about M$'s implementation of
> Kerberos was their lack of public documentation, which M$ has recently
> addressed. The conditions under which they have released it are really the
> only thing left to bitch about.

I don't think you can exactly call it "public documentation", as
Micro$oft is threatening to sue slashdot for having the docs posted in
the discussion lists.  And since it's considered a "trade secret",
nobody else can implement it.

And just because Clifford Neuman didn't criticize them much, doesn't
mean it's not a bad implementation.  According to the article the Wolf
mentioned at
http://www.thestandard.com/article/display/0,1151,14996,00.html other
members of the Kerberos team criticized Micro$oft harshly:

   "They don't want anyone competing against them,"
   says Paul Hill, co-leader of the Kerberos team at
   MIT, where the security standard was developed.
   "It's typical Microsoft behavior."

Embrace, extend, extinguish.

> As in programming, facts are either true or false, and all facts are false
> until PROVEN true.

No fact that is true would be false, just because people weren't sure
which it was.

> I hate being in the position of defending M$.

Give it up, Mike.  I'm convinced it can't be done.  ;-)

-BVG