"Last week's column certainly got some folks' attention. My
analysis of the way that Microsoft tried to hijack the Kerberos
protocol generated more than its share of comment."
"In trying to make some sense of the feedback, I realized that
many people thought that I had confused the Kerberos code with the
The Internet Engineering Task Force specification based on
Kerberos. Indeed, it's the Kerberos reference code that is the
source of my complaint, and specifically that its BSD-based license
makes it all-too-easy for people to make proprietary extensions.
It's also quite true that even if the Kerberos code was covered by
the GNU General Public License (GPL), any would-be hijacker could
still not be completely thwarted -- they could simply rewrite the
whole thing from scratch, avoiding the copylefted code completely,
and still mangle the standard. My point is just that it would have
been more difficult to subvert Kerberos, not impossible, had the
reference code been under the GPL. That's all."
"Good place for a trademark? Most of the responses I received,
both personally and in the ZDNet talkback area, were thoughtful.
A few people pointed out that the best way to really prevent
such standards from being subverted is by the protection of the
Kerberos name by trademark. The point is to let developers make
anything they want, but if the finished product subverts Kerberos
and isn't interoperable, it can't call itself Kerberos