[832] in Kerberos


Re: kerberos and the ISO protocol standards

daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Thu Dec 14 15:10:57 1989

From: jon@MIT.EDU (Jon A. Rochlis)
To: NESSETT@CCC.NMFECC.GOV
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of Wed, 13 Dec 89 12:32:33 -0800.


   From: NESSETT@CCC.NMFECC.GOV
   Message-Id: <891213123233.5280012c@CCC.NMFECC.GOV>
   Subject:   Re: kerberos and the ISO protocol standards
   To: KERBEROS@ATHENA.MIT.EDU

   Implementations of X.509 are in approximately the same stage of
   development as kerberos, although slightly behind.
   
   While the developers of kerberos are to be congratulated for their
   industry and appreciation of the significance of the distributed systems
   security problem, the certificate approach is much more likely than
   kerberos to be used in ISO standards.
   
Certificates have major advantages, it is true.  However, the choice of
an asymmetric encryption algorithm (i.e. RSA) creates tremendous
legal/financial problems, while the use of DES trumps those.  So far
the only public arrangements with RSADI (who controls the
RSA patent) are for the Internet e-mail keys (at $25 a user / per 2
years).  Nobody knows what arrangements can be had for any other use.
While I believe the RSA problems only apply within the US (and exclude
the government and MIT), that still leaves a lot of people with
serious exposure if they elect to go the X.509 route ... whereas they
can go with Kerberos now and not pay anybody any money.

		-- Jon


