[1933] in Kerberos
Re: kerberos & novell
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Wed May 27 11:38:31 1992
Date: Wed, 27 May 92 11:15:59 -0400
From: tytso@Athena.MIT.EDU (Theodore Ts'o)
To: kerberos@Athena.MIT.EDU
In-Reply-To: Keith Brown's message of 27 May 92 00:15:40 GMT,

> Date: 27 May 92 00:15:40 GMT
> From: keith@novell.com (Keith Brown)
>
> NetWare has been walking down the RSA trail in terms of authentication
> services. Use of Kerberos has not been entirely eliminated but RSA
> looks far more commercially viable today. Distribution and implementation
> of RSA technology is carefully controlled and limited (it must be licensed
> from the one source). As a consequence, there is a de facto standard RSA and
> implementations can be trusted.
>
> Kerberos suffers from the fact that its source is widely available and
> abusable by any Joe on the internet who's figured out how to use FTP.
> Being such a Joe, I could FTP it over from MIT now, change a few lines
> of code, insert a back door or two and unleash my kludgery upon an
> unsuspecting planet. Is this what you would wish your bank to be
> using?

How so? Any random Joe on the internet can grab Kerberos, but
it certainly isn't the case that they would be able to unleash it on an
unsuspecting planet. How would they do that? If someone wants
Kerberos, they can get it from MIT, or some other trusted party --- for
example, there are a number of places that will sell you a Kerberos tape
and support to go with it. They're not going to get it from your random
Joe on the internet. The issue you raise is a complete red herring!

When Novell (or any other computer vendor) puts together a
system using RSA, or Kerberos, that vendor will always be able to
install back doors into the system, and "unleash it unto an unsuspecting
planet". Whether or not source is widely available is irrelevant.

Furthermore, RSA is just an encryption algorithm. Kerberos is a
complete authentication package (which uses DES) and which has stood the
test of time. If you just get RSA from RSA DSI, it is up to you to take
that encryption and turn it into a viable authentication scheme. That
scheme may not be compatible with the rest of the world; true, there are
standards for the format of certificates and encrypted objects, but
there's more to an authentication system than that --- for example, what
sort of packet format and what sort of exchange sequence do you use?

So Novell is going to have to put together an authentication
system using RSA, and then the rest of the world (who won't be given
access to the source code), will have to hope that (1) Novell designed
it correctly, and (2) the green implementation which they did doesn't
have any bugs.

If I were a bank security officer, I would much rather have a
system where (1) the system has stood the test of time and (2) the
sources are available so that an independent third party could audit
them. I fail to see how having freely available source code could ever
be a disadvantage. Security through obscurity is no security whatsoever
--- and I'm speaking as someone who has disassembled quite a few
programs in my time, including the Internet worm/virus, and a couple of
copy protection schemes. :-)

- Ted