---

The Standard: Kerberos Loophole May Close Around Microsoft’s Neck

“As a legal wrangle develops over whether the Linux/open-source
news Web site Slashdot.org can post messages containing what
Microsoft (MSFT) calls a “trade secret,” key members of the
technical standards community have lost patience with the software
giant’s assertion of proprietary control over an open
standard.”

“At issue is a security protocol called Kerberos, a mechanism
that enables secure identity authentication when users log on to a
network. The version of Kerberos in Windows 2000 exploits a
loophole in the Internet standard specification that was
deliberately left open for customized versions.”

Upset that Microsoft has in essence driven a truck painted
with the Windows logo straight through that opening, Clifford
Neuman, the principal author of the original MIT version of
Kerberos and current editor of the IETF’s Kerberos standard
document, is drafting a proposal to close the hole in the
spec.
The IETF is an international group that sets standards
for the Internet.”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis