Path: utzoo!mnetor!uunet!husc6!bloom-beacon!athena.mit.edu!wesommer
From: wesommer@athena.mit.edu (William Sommerfeld)
Newsgroups: comp.dcom.lans
Subject: Re: LAN security screw-ups
Message-ID: <2034@bloom-beacon.MIT.EDU>
Date: 15 Dec 87 02:54:43 GMT
References: <1858@cup.portal.com> <17429@bu-cs.BU.EDU>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: wesommer@athena.mit.edu (William Sommerfeld)
Organization: Massachusetts Institute of Technology
Lines: 32

In article <17429@bu-cs.BU.EDU> kwe@bu-it.bu.edu (Kent England) writes:
>	Someone from Athena said that they were going to release their
>validation protocol, Kerebos, to the public.  This protocol, if
>released, will be the best thing since X windows out of Athena.  

Nit 1: 'X Windows' is poor usage; the proper term for it is 'X' or
'The X Window system'.

Nit 2: The authentication system is spelled "Kerberos" (the Greek
spelling of Cerberus), after the three-headed dog guarding Hades in
Greek mythology.

Kerberos itself is only an authentication protocol; the authentication
protocol provides a way for a client of a service to prove that it
really is who it claims to be.  This is done through the use of some
simple cryptographic techniques; the end result of a successful
exchange is that both client and service have their hands on a session
key which they can use to encrypt further traffic.  Most applications
don't, but some (especially the service which provides a way for
someone to change their Kerberos password) do encrypt their
transactions, and are quite paranoid about what they find...

Kerberos is not a replacement for session encryption; it is instead a
way to distribute session keys (which, if you want to do session
encryption, you have to find a way to do).  

Last I heard, the release of a beta-test version of Kerberos should
come some time in February or March.

					Bill Sommerfeld
					wesommer@athena.mit.edu
					MIT Project Athena
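
Added example, not part of the original post and not Project Athena code: a simplified Python sketch of how an exchange of the kind described above leaves client and service holding the same session key. The function names, the principals "alice" and "changepw", the single KDC step and the HMAC-based toy cipher are all assumptions made for illustration; the real protocol has more steps and its own ciphers.

```python
import hashlib, hmac, json, os, time

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # Keystream from HMAC in counter mode (constructed stand-in cipher).
    ks = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under `key` (hypothetical helper)."""
    ek, mk, nonce = _mac(key, b"enc"), _mac(key, b"mac"), os.urandom(16)
    ct = _xor(ek, nonce, json.dumps(obj).encode())
    return nonce + ct + _mac(mk, nonce + ct)

def unseal(key, blob):
    """Verify and decrypt; fails for a wrong key or a modified message."""
    ek, mk = _mac(key, b"enc"), _mac(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(mk, nonce + ct)):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(ek, nonce, ct))

def kdc_issue(client, service, keys):
    """Key server: session key sealed for the client, plus a ticket sealed for the service."""
    sk = os.urandom(16).hex()
    ticket = seal(keys[service], {"client": client, "session_key": sk})
    return seal(keys[client], {"service": service, "session_key": sk}), ticket

def client_request(client, client_key, reply, ticket):
    """Client: recover the session key, prove knowledge of it with a timestamp."""
    sk = unseal(client_key, reply)["session_key"]
    return sk, ticket, seal(bytes.fromhex(sk), {"client": client, "ts": time.time()})

def service_accept(service_key, ticket, authenticator, max_skew=300):
    """Service: open the ticket with its own key, then check the authenticator."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["session_key"]), authenticator)
    if a["client"] != t["client"] or abs(time.time() - a["ts"]) > max_skew:
        raise ValueError("authenticator rejected")
    return t["client"], t["session_key"]

if __name__ == "__main__":
    keys = {"alice": os.urandom(16), "changepw": os.urandom(16)}  # constructed principals
    reply, ticket = kdc_issue("alice", "changepw", keys)
    sk, ticket, auth = client_request("alice", keys["alice"], reply, ticket)
    print(service_accept(keys["changepw"], ticket, auth) == ("alice", sk))
```

Neither long-term key crosses the wire, and the session key both sides end up with can be passed to seal()/unseal() for any further traffic the application chooses to encrypt.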