Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!math.lsa.umich.edu!emv
From: wesommer@athena.mit.edu (Bill Sommerfeld)
Newsgroups: comp.archives
Subject: [comp.protocols.iso] Re: New ISO Authentication ASE
Message-ID: <11286@stag.math.lsa.umich.edu>
Date: 6 Mar 90 03:39:06 GMT
Sender: news@math.lsa.umich.edu
Reply-To: wesommer@athena.mit.edu (Bill Sommerfeld)
Followup-To: comp.protocols.iso
Lines: 65
Approved: emv@math.lsa.umich.edu (Edward Vielmetti)
X-Original-Newsgroups: comp.protocols.iso

Archive-name: kerberos/06-Mar-90
Original-posting-by: wesommer@athena.mit.edu (Bill Sommerfeld)
Original-subject: Re: New ISO Authentication ASE
Archive-site: athena-dist.mit.edu [18.71.0.38]
Archive-directory: pub/kerberos
Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti)

In article <1990Mar5.154434.21726@geac.com> joey@geac.com (Joey DeWiele) writes:

> I don't know anything about Kerberos.

Kerberos is a "paranoid" extension of the original Needham and
Schroeder secret-key based authentication system; it was developed at
MIT's Project Athena.

Within the U.S., a reasonably portable implementation is freely
available via anonymous FTP.

The current version of the protocol (version 4) is in production use
by thousands of people at a number of different sites within the U.S.
The protocol is also used by at least one commercial product now in
beta test.

A significant revision of the protocol is currently under way.
Changes include additional functionality, removal of limits, use of
multiple encryption algorithms, and conversion to using ASN.1 encoding
for all messages.

Kerberos currently assumes the use of a secret-key based encryption
system such as DES; however, the extensions in version 5 may allow for
the use of public key systems such as RSA.

> In particular, I don't know how widely accepted in the international
> community Kerberos is.

One reason why this may be the case is the !@#$ U.S. export
regulations on encryption and related technologies. Apparently,
Kerberos is considered to be "encryption control machinery", so
exporting an implementation requires an export license.

There is an "implementation" of Kerberos (known as "bones") which has
all reference to encryption removed, and is exportable without a
license; using the protocol specification, the source to "bones", and
a DES library, it may be possible to convert "bones" back into "the
real thing".

Information on Kerberos is available via anonymous FTP from
athena-dist.mit.edu, in pub/kerberos/*. The source code for all of
Kerberos is also available there, but you may be violating export
rules if you ftp it from outside the U.S.

If you can't FTP, you can also retrieve some of the available
information automatically via electronic mail via an archive server;
send mail to archive-server@athena-dist.mit.edu with a subject line of
"help" for more information.

There's also a usenet newsgroup comp.protocols.kerberos which is
bidirectionally gatewayed with an Internet mailing list. If you can't
read news and wish to join the mailing list, send mail to
kerberos-request@athena.mit.edu.

Bill Sommerfeld
Visiting engineer from HP/Apollo at MIT/Project Athena.
--
Henry Spencer is so much of a  | Bill Sommerfeld at MIT/Project Athena
minimalist that I often forget | sommerfeld@mit.edu
he's there - anonymous         |