[835] in Kerberos


Cost of Using RSA

daemon@ATHENA.MIT.EDU (Jeffrey I. Schiller)
Fri Dec 15 18:44:50 1989

From: jis@ATHENA.MIT.EDU (Jeffrey I. Schiller)
To: Saltzer@SRC.DEC.COM, NESSETT@CCC.NMFECC.GOV
Cc: jon@ATHENA.MIT.EDU, kerberos@ATHENA.MIT.EDU

> Those concerned with the cost per user of $25 / 2 years for a certificate may
> wish to calculate the costs of maintaining a centralized KDC (including, of
> course, administration costs associated with installing users in the password
> database, such as deciding whether a user is allowed in the database at all).

	To add my two bits... The $25 / 2 years doesn't include the
cost associated with the administrative overhead of allocating
certificates through the methods proposed in the t-mail RFCs. This has
got to be a lot higher than using Kerberos, for with Kerberos a site
can do all its administration electronically (through the admin tools)
whereas with RSA, there is paperwork involved in dealing with RSADSI.

	Revocation is also an important cost. For all practical
purposes all one needs to do with Kerberos if one's password is
compromised, is to change it. After the longest ticket lifetime,
credentials are effectively revoked. With certificates another
paperwork process must be initiated to sign a new certificate (I don't
know whether or not more $$$ are also needed) and a revocation list
must be updated (and delivered to the services that accept
certificates).

	MIT's Project Athena effectively gives credentials to all
undergraduate students who request them. Furthermore in this
environment there is a reasonable number of password change requests
per day (where someone has forgotten their password and has to have it
administratively changed).  With Kerberos authentication we use a
special application that allows new users to be automatically added to
the authentication database given the knowledge of their name and MIT
ID number. A separate database of names and ID numbers is consulted to
verify if in fact the requester is a student, and they don't already
have a credential (thus their name and ID number are in effect a
"weak" credential). If they forget their password they need to contact
the "Accounts Consultant" to have it changed. Needless to say the cost
per user (about 10,000 users are registered) is quite small. If we
used certificates we would have to scrap our automated account
creation software (or teach it how to write checks and mail them :-) )
and replace it with a manually, and therefore costly in staff time,
system. Our revocation list would also be quite large. In this
environment the cost differential between Kerberos, a "free" system,
and RSA based certificates is quite large.

			-Jeff
