[860] in Kerberos
Re: Kerberos, standards, servers, PKE, etc...
daemon@ATHENA.MIT.EDU (RSA Data Security)
Thu Dec 21 17:38:59 1989
From: zaphod.mps.ohio-state.edu!brutus.cs.uiuc.edu!apple!well!rsa@THINK.COM (RSA Data Security)
To: kerberos@ATHENA.MIT.EDU
The debate over the use of Kerberos vs. RSA has been interesting to
observe. I feel that since so many posters have discussed what they
see as the cost of RSA, this post is appropriate.
Let's at least set the record straight. What has been proposed to
both CCITT and to NIST/OSI is a licensing proposal where the cost of
using RSA is $2.50 per user *one time*. People are confusing the use
of RSA in directory authentication with the cost of a certificate a la
RFCs 1113-5, which describe the cost of obtaining a *service*
(getting a public key certified, at $25 for a two-year certificate).
Having a certificate for Internet Privacy Enhanced Mail has nothing
(at this time) to do with X.509. All cost assumptions thus far
posted are based on information that is 100% wrong.
It is not possible to address the differences between digital
signatures and Kerberos for authentication here. I would simply
suggest that any comparison should be made by someone who understands
certificate based key management. If someone really wants to
understand what public-key is and how it can be used *and* how it
compares to symmetric systems, I suggest "The First Ten Years
of Public-key Cryptography," by Whitfield Diffie. It appeared in
Proceedings of the IEEE Vol. 76, No. 5, May 1988. It also may be
appropriate to ask members of the IAB Privacy Task Force why they
chose RSA over Kerberos (even though it costs money).
Back to X.509: Note that the $2.50 is typically paid by a vendor
building a directory product. Also consider the 1988 recommendations
in X.411 (many of which require digital signatures to accomplish) and
the $2.50 one time seems quite reasonable. This price has not changed
since our original proposal to CCITT in 1984. In the meantime, a
large number of companies have licensed RSA and are introducing
products that use it (Digital Equipment, Motorola, Lotus,
Racal-Milgo, Fischer International, Tektronix, Simpact Associates,
etc). Apparently these companies saw a reasonable way to purchase
licenses to use RSA; don't knock the process if you haven't tried it.
The people who complain the loudest about patents and licenses are
the ones who seem to know the least about them. There's an awful lot
of "hip shooting" on this subject. Anyone who wants to discuss this
further can send me E-Mail.
On the "alternative" signature scheme proposed by NIST/OSI: ElGamal
is a scheme that requires a license to use (it employs methods
covered in the patent on exponential key exchange). Unlike RSA,
there is no written guarantee of the cost of using the scheme, yet it
is named in the NIST/OSI documents. There is *no* public-key
cryptosystem we know of that is *not* patented. RSA is the only one
we know of to actually submit licenses with defined costs so that
standardization can be considered.
Standards allow for the adoption of *patented* technology
(proprietary is the wrong term for RSA in *this* case as used by
James Galvin; no proprietary issues exist, only patent issues - also
the "heated exchange" referred to was over the implications of naming
the RSA algorithm in the IEEE 802.10 SILS documents and had nothing
to do with proprietary/patent issues). ANSI even states that between
2% and 5% is a "reasonable" royalty for such things. Anyone
genuinely interested in understanding these issues should obtain and
read the related documents and publications.
Finally, the $2.50 amount *came from* CCITT and NIST/OSI. It is not
even our number; it is the number the representatives on the
standards committees insisted on in 1984 and again in 1989 and which
we agreed to!
No, I don't think the dollar cost of RSA is the problem. The
problems are (1) political and (2) mis- and disinformation (our main
competitors are apathy and ignorance). While organizations in Europe
openly adopt and endorse public-key such as RSA (EFTPOS UK, with an
endorsement of RSA by the NPL, or National Physical Laboratory), our
own government has been strangely silent in the area of public-key
while they seem at the same time to be the largest user. Also, the
computer security budget of NIST has been cut by over 3 million
dollars. Is electronic privacy and authentication for the most
automated society on earth so unimportant that congress (or those
advising them) feels compelled to cut the equivalent of 6 minutes of
the annual Defense budget from it?
Jim Bidzos, President
RSA Data Security, Inc.
PS: It may be appropriate to have a newsgroup on X.509 and/or the
Internet RFCs.