[839] in Kerberos
Re: costs of kerberos and X.500
daemon@ATHENA.MIT.EDU (NESSETT@CCC.NMFECC.GOV)
Mon Dec 18 15:20:36 1989
From: NESSETT@CCC.NMFECC.GOV
To: KERBEROS@ATHENA.MIT.EDU
The argument whether a cost of $12.50/user/year is significant when comparing
the relative benefits of kerberos and a X.500 based approach actually turns on
more basic considerations than the costs of the security mechanism per se.
The question is what proportion of the overall system cost does the per
certificate cost represent. A computer center supporting a user population of
about 2,000 would probably have a budget of about $30 million/year. Given that
large computers are becoming less economically attractive, let's cut this
number in half and say you can support a user population of 2,000 on $15
million per year. That works out to about $7,500 per user per year. This is
total system cost including hardware, software support, staff salaries, plant,
administration, etc. Let's be real conservative and say a minimum computing
environment can be sustained with a per user cost of $5,000 per year.
Given such cost figures, what is the overall impact of $12.50/user/year? If
the X.500 solution to authentication has major technical advantages (as
Jon Rochlis suggests), it would seem prudent to employ it.
Even a margin cost argument must take into account the impact of decreased
interoperability when a non-standard authentication mechanism is employed.
Given that the certificate approach has major technical advantages, isn't the
burden of proof on the kerberos people to show that the cost savings outweigh
significant costs of decreased interoperability. Perhaps even more pertinent
is the fact that sites adopting kerberos will probably have to support both it
and X.500, since the later is an integral part of the ISO protocol standards
milieu.
Dan Nessett
