daemon@ATHENA.MIT.EDU (NESSETT@CCC.NMFECC.GOV) Mon Dec 18 15:20:36 1989

From: NESSETT@CCC.NMFECC.GOV
To: KERBEROS@ATHENA.MIT.EDU

The argument whether a cost of $12.50/user/year is significant when comparing the relative benefits of kerberos and an X.500 based approach actually turns on more basic considerations than the costs of the security mechanism per se. The question is what proportion of the overall system cost does the per certificate cost represent.

A computer center supporting a user population of about 2,000 would probably have a budget of about $30 million/year. Given that large computers are becoming less economically attractive, let's cut this number in half and say you can support a user population of 2,000 on $15 million per year. That works out to about $7,500 per user per year. This is total system cost including hardware, software support, staff salaries, plant, administration, etc. Let's be real conservative and say a minimum computing environment can be sustained with a per user cost of $5,000 per year.

Given such cost figures, what is the overall impact of $12.50/user/year? If the X.500 solution to authentication has major technical advantages (as Jon Rochlis suggests), it would seem prudent to employ it.

Even a margin cost argument must take into account the impact of decreased interoperability when a non-standard authentication mechanism is employed. Given that the certificate approach has major technical advantages, isn't the burden of proof on the kerberos people to show that the cost savings outweigh significant costs of decreased interoperability? Perhaps even more pertinent is the fact that sites adopting kerberos will probably have to support both it and X.500, since the latter is an integral part of the ISO protocol standards milieu.

Dan Nessett

daemon@ATHENA.MIT.EDU (Theodore Ts'o) Mon Dec 18 16:33:55 1989

From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: NESSETT@CCC.NMFECC.GOV
Cc: KERBEROS@ATHENA.MIT.EDU
In-Reply-To: NESSETT@CCC.NMFECC.GOV's message of Mon, 18 Dec 89 12:14:03 PST,
Reply-To: tytso@ATHENA.MIT.EDU

   Date: Mon, 18 Dec 89 12:14:03 PST
   From: NESSETT@CCC.NMFECC.GOV
   Comment: From NESSETT@CCC.MFENET on December 18, 1989 at 12:14 PST

   Even a margin cost argument must take into account the impact of decreased interoperability when a non-standard authentication mechanism is employed. Given that the certificate approach has major technical advantages.....

This may not be the right list to be debating the pros and cons of the certificate approach; if so, please respond via personal mail. However, I don't see how it's obvious that the certificate approach has ``major technical advantages.'' For example, Jeff's point that Kerberos provides a much easier way to revoke authentication privileges --- just change the password!

Could you detail the ``obvious technical advantages''? Thanks!

- Ted

daemon@ATHENA.MIT.EDU (Brain in Neutral) Tue Dec 19 11:00:11 1989

From: zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!bin@ohio-state.arpa (Brain in Neutral)
To: kerberos@ATHENA.MIT.EDU

From article <891218121403.22200126@CCC.NMFECC.GOV>, by NESSETT@CCC.NMFECC.GOV:
> ...A computer center supporting a user population of about 2,000 would
> probably have a budget of about $30 million/year. Given that
> large computers are becoming less economically attractive, let's cut this
> number in half and say you can support a user population of 2,000 on $15
> million per year. That works out to about $7,500 per user per year. This is
> total system cost including hardware, software support, staff salaries, plant,
> administration, etc. Let's be real conservative and say a minimum computing
> environment can be sustained with a per user cost of $5,000 per year.

Hmm, I support ~100 users on a staff of one (me) and my budget is (easily) less than $100K/year. That's < $1000/user/year. $12.50/user/year for certificates means I'd be spending over 1 percent of my budget *just for authorization*. No thanks.

Paul DuBois
dubois@primate.wisc.edu

daemon@ATHENA.MIT.EDU (Karl Kleinpaste) Tue Dec 19 11:48:16 1989

From: cheops.cis.ohio-state.edu!karl@ohio-state.arpa (Karl Kleinpaste)
To: kerberos@ATHENA.MIT.EDU

nessett@ccc.nmfecc.gov writes:
   A computer center supporting a user population of about 2,000 would probably have a budget of about $30 million/year.

Surely you jest - you missed by two orders of magnitude.

I just checked the budgetary figures for this department. "wc -l /etc/passwd" returns 2302. This fiscal year's support budget for this ~2000 user base is ~$234,000 for actual system costs (hardware, software, phones/modems, etc) and about twice that (estimated) for staff support, mostly salaries. Call it $750,000 for round numbers.

Now you want us to add 3.6% to that budget (~$27,500) just to get authorization. That's just this department. Multiply by 30 for the rest of the university: you're pushing hard for $1M. It won't even be considered.

daemon@ATHENA.MIT.EDU (NESSETT@CCC.NMFECC.GOV) Tue Dec 19 11:52:15 1989

From: NESSETT@CCC.NMFECC.GOV
To: KERBEROS@ATHENA.MIT.EDU

I'm sure I have used up or am close to using up the good will of the kerberos developers by sustaining over the last few days a discussion of the relative merits of centralized key distribution versus a certificate based approach. Throughout, your remarks have been constructive and good tempered, a refreshing change from other discussion lists in which I have participated. I salute you. However, I don't wish to push my luck and so I promise this will be the last epistle of mine that mentions certificates (at least for a while).

On my part, I don't believe I have adequately defended the issue of certificate cost, at least for a large number of sites such as many universities. On the other hand, I don't believe the kerberos developers have adequately addressed the issue of interoperability in a heterogeneous environment.

To those who raised other issues to which no response has yet appeared, I will reply by private E-mail.

Cheers,

Dan Nessett

daemon@ATHENA.MIT.EDU (bede@LINUS.MITRE.ORG) Tue Dec 19 15:40:16 1989

From: bede@LINUS.MITRE.ORG
To: kerberos@ATHENA.MIT.EDU

I'll add my 2 cents worth on this: according to a paper published in the most recent SOSP proceedings ("Operating Systems Review", Vol 23, No 5), X.509 is somewhat buggy -- to the extent that it is possible to break the security of the scheme *without breaking the key*. This means that the encryption scheme -- RSA or otherwise -- isn't going to do X.509 any good. According to the same paper, kerberos doesn't share this weakness (in fact, the authors go as far as to proclaim the kerberos scheme bug-free).

I'm quite open to enlightenment on this, though, so if there is some other source which successfully rebuts these conclusions, I'd be quite happy to be corrected. But for my part, this sort of revelation makes me wonder why anyone should even consider using X.509, let alone adopt it as a standard. And the question of actually paying for the privilege seems almost absurd.

-Bede McCall
MITRE Corp.          Internet: bede@mitre.org
MS A114              UUCP: {decvax,philabs}!linus!bede
Burlington Rd.
Bedford, MA 01730    (617) 271-2839

daemon@ATHENA.MIT.EDU (Jon A. Rochlis) Tue Dec 19 16:06:20 1989

From: jon@MIT.EDU (Jon A. Rochlis)
To: zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!bin@ohio-state.arp,
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Your message of 19 Dec 89 15:49:42 +0000.

   $12.50/user/year for certificates means I'd be spending over 1 percent of my budget *just for authorization*.

It's even worse. All you're sure of getting is "authentication" (i.e. you know who you're talking to), but not necessarily "authorization" (i.e. what you are allowed to do). You might get authorization by using certificates as capabilities, but X.509 does not address such uses. All you can count on for "sure" is authentication. If you only get authentication you still need another system for managing your authorization information (e.g. Athena's Moira Service Management System).

-- Jon

daemon@ATHENA.MIT.EDU (NESSETT@CCC.NMFECC.GOV) Wed Dec 20 11:34:31 1989

From: NESSETT@CCC.NMFECC.GOV
To: KERBEROS@ATHENA.MIT.EDU

There was one item raised in the recent discussion of certificates that I feel requires further comment. At least two correspondents pointed out that a recent paper in the Symposium on Operating System Principles notes a vulnerability in X.509. Not having received the proceedings of that symposium as yet, I asked people who are members of the privacy and security research group if they had seen the paper. The chairman of that group, Steve Kent of BBN, sent me the following reply.

---------------------------forwarded message-----------------------------
> Dan,
> The paper in SOSP notes a vulnerability in the 509 authentication
> protocol, which has nothing to do with our use of certificates in mail
> or with certificates in general. It is a typical oversight in the
> protocol design for the three-way handshake and the paper even proposes
> a fix. So, I don't see this criticism of 509 being a significant issue,
> just a condemnation of the sloppiness of the standards process.
> Steve
---------------------------end of forwarded message----------------------

Dan Nessett