Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!mcgill-vision!bloom-beacon!mit-eddie!mintaka!snorkelwacker!think!Think.COM!barmar
From: barmar@Think.COM
Newsgroups: comp.protocols.iso
Subject: Re: kerberos and the ISO protocol standards
Message-ID: <32337@news.Think.COM>
Date: 19 Dec 89 07:51:04 GMT
References: <8912180928.AA07892@rcole.hpl.hp.com> <8912180840.AA09995@asylum.sf.ca.us>
Sender: news@Think.COM
Organization: Thinking Machines Corporation, Cambridge MA
Lines: 38

In article <8912180840.AA09995@asylum.sf.ca.us> karl@asylum.sf.ca.us (Karl Auerbach) writes:
>> First, you must realise that having more than one standard for
>> anything is as bad as having no standard.
>I disagree. It is good to have concise standards that do exactly the
>job at hand, not monstrosities that try to solve everything. That's
>why there are umpteen standards for screw gauges, strengths, etc. So
>I can buy exactly what I need. That's why there are so many different
>types of airliners, automobiles, screwdrivers, and medicines.

One must distinguish standards whose purpose is heterogeneous
interoperability, such as those for communications. You're right that
multiple standards permit you to specify more precisely just what you
need. But in communications one often needs everything. If you
anticipate trying to communicate with devices outside your
jurisdiction then you must be prepared to use a protocol compatible
with those other devices. If all you care about is communication
within your environment then multiple standards aren't as big a
problem, since you can make sure that all the devices are compatible.

Consider character sets: there are only two standards (ASCII and
EBCDIC), yet this can cause major hassles.

>We will need several authentication standards -- as there need to be
>several levels of trust/believability. Third party schemes will be
>necessary at times and two party schemes will be necessary at others.
>Simple handshakes at the front may be adequate for some, and
>continuous, repeated challenges necessary for others.

And what happens when a machine using two-party authentication tries
to talk to one that requires a third party?

Rather than having multiple standards, there should be one standard
with several modes. A good example is TELNET, which is a single
standard but has option negotiation that can vary the protocol.

Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar