LISTSERV - HP3000-L Archives

HP3000-L Archives

May 2000, Week 1

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L May 2000, Week 1

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: OT: MS update
From:	Lane Rollins <[log in to unmask]>
Reply To:	Lane Rollins <[log in to unmask]>
Date:	Wed, 3 May 2000 13:05:38 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (59 lines)

on 5/3/00 11:39 AM, COLE,GLENN (Non-HP-SantaClara,ex2) at
[log in to unmask] wrote:
> In Windows 2000, the implementation of Kerberos security
> differs subtly from the industry standard.
>
> (Maybe this is just a bug; without more info, who's to say?)
>
> Anyway, I found the article an interesting read.
>
> http://www.infoworld.com/articles/op/xml/00/05/08/000508oplivingston.xml
>
> --Glenn

This is a slashdot.org article from yesterday.

---------------------------------------------------------------------
Kerberos, PACs And Microsoft's Dirty Tricks
Posted by Hemos on Tuesday May 02, @01:33PM

Chris DiBona wrote to us with something that Ted and Jeremy (Samba Boys)
wrote: "Microsoft, after getting beat up in the press for making propietary
extensions to the Kerberos protocol, has released the specifications on the
web -- but in order to get it, you have to run a Windows .exe file which
forces you agree to a click-through license agreement where you agree to
treat it as a trade secret, before it will give you the .pdf file. Who would
have thought that you could publish a trade secret on the web?" Read more
from the Samba Team below.

The critical part of the license states:

"b. The Specification is confidential information and a trade secret of
Microsoft. Therefore, you may not disclose the Specification to anyone else
(except as specifically allowed below), and you must take reasonable
security precautions, at least as great as the precautions you take to
protect your own confidential information, to keep the Specification
confidential. If you are an entity, you may disclose the Specification to
your full-time employees on a need to know basis, provided that you have
executed appropriate written agreements with your employees sufficient to
enable you to comply with the terms of this Agreement.
This is course is a very clever way to pretend to distribute the spec,
whilst making it completely impossible to implement in competiting
implementations which implements their propietary protocol extensions ---
extensions to a protocol which was originally published by the Kerberos team
as an Open Standard in the IETF. This completely defeats the IETF's
interoperability goals, and helps Microsoft leverge their desktop monopoly
into the server market.

The one good thing about Microsoft having pulled this dirty trick is that it
makes their propietary intentions about the Windows 2000 PDC clear as day. I
doubt anyone else could come up with a charitable explanation for what
they've done. What a better example of Microsoft's "embrace, extend, and
engulf" business model!

Jeremy Allison,
Samba Team.

Theodore Ts'o,
(former) Kerberos Development Lead "

ATOM RSS1 RSS2

RAVEN.UTC.EDU