daemon@ATHENA.MIT.EDU (NESSETT@CCC.NMFECC.GOV)
Mon Dec 18 15:20:36 1989

From: NESSETT@CCC.NMFECC.GOV
To: KERBEROS@ATHENA.MIT.EDU

The argument whether a cost of $12.50/user/year is significant when comparing
the relative benefits of kerberos and an X.500 based approach actually turns on
more basic considerations than the costs of the security mechanism per se.
The question is what proportion of the overall system cost does the per
certificate cost represent.  A computer center supporting a user population of
about 2,000 would probably have a budget of about $30 million/year.  Given that
large computers are becoming less economically attractive, let's cut this
number in half and say you can support a user population of 2,000 on $15
million per year.  That works out to about $7,500 per user per year.  This is
total system cost including hardware, software support, staff salaries, plant,
administration, etc. Let's be real conservative and say a minimum computing
environment can be sustained with a per user cost of $5,000 per year.

Given such cost figures, what is the overall impact of $12.50/user/year?  If
the X.500 solution to authentication has major technical advantages (as
Jon Rochlis suggests), it would seem prudent to employ it.

Even a margin cost argument must take into account the impact of decreased
interoperability when a non-standard authentication mechanism is employed.
Given that the certificate approach has major technical advantages, isn't the
burden of proof on the kerberos people to show that the cost savings outweigh
significant costs of decreased interoperability?  Perhaps even more pertinent
is the fact that sites adopting kerberos will probably have to support both it
and X.500, since the latter is an integral part of the ISO protocol standards
milieu.

Dan Nessett

daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Mon Dec 18 16:33:55 1989

From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: NESSETT@CCC.NMFECC.GOV
Cc: KERBEROS@ATHENA.MIT.EDU
In-Reply-To: NESSETT@CCC.NMFECC.GOV's message of Mon, 18 Dec 89 12:14:03 PST,
Reply-To: tytso@ATHENA.MIT.EDU

   Date: 	  Mon, 18 Dec 89 12:14:03 PST
   From: NESSETT@CCC.NMFECC.GOV
   Comment: From NESSETT@CCC.MFENET on December 18, 1989 at 12:14 PST

   Even a margin cost argument must take into account the impact of decreased
   interoperability when a non-standard authentication mechanism is employed.
   Given that the certificate approach has major technical advantages.....

This may not be the right list to be debating the pros and cons of the
certificate approach; if so, please respond via personal mail.  However,
I don't see how it's obvious that the certificate approach has ``major
technical advantages.''  For example, Jeff's point that Kerberos
provides a much easier way to revoke authentication privileges --- just
change the password!

Could you detail the ``obvious technical advantages''?  Thanks!

						- Ted

daemon@ATHENA.MIT.EDU (Brain in Neutral)
Tue Dec 19 11:00:11 1989

From: zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!bin@ohio-state.arpa  
(Brain in Neutral)
To: kerberos@ATHENA.MIT.EDU

From article <891218121403.22200126@CCC.NMFECC.GOV>, by NESSETT@CCC.NMFECC.GOV:
> ...A computer center supporting a user population of about 2,000 would
> probably have a budget of about $30 million/year.  Given that
> large computers are becoming less economically attractive, let's cut this
> number in half and say you can support a user population of 2,000 on $15
> million per year.  That works out to about $7,500 per user per year.  This is
> total system cost including hardware, software support, staff salaries, plant,
> administration, etc. Let's be real conservative and say a minimum computing
> environment can be sustained with a per user cost of $5,000 per year.

Hmm, I support ~100 users on a staff of one (me) and my budget is (easily)
less than $100K/year.  That's < $1000/user/year.  $12.50/user/year for
certificates means I'd be spending over 1 percent of my budget *just for
authorization*.

No thanks.

Paul DuBois
dubois@primate.wisc.edu

daemon@ATHENA.MIT.EDU (Karl Kleinpaste)
Tue Dec 19 11:48:16 1989

From: cheops.cis.ohio-state.edu!karl@ohio-state.arpa  (Karl Kleinpaste)
To: kerberos@ATHENA.MIT.EDU

nessett@ccc.nmfecc.gov writes:
   A computer center supporting a user population of about 2,000 would
   probably have a budget of about $30 million/year.

Surely you jest - you missed by two orders of magnitude.

I just checked the budgetary figures for this department.  "wc -l
/etc/passwd" returns 2302.  This fiscal year's support budget for this
~2000 user base is ~$234,000 for actual system costs (hardware,
software, phones/modems, etc) and about twice that (estimated) for
staff support, mostly salaries.  Call it $750,000 for round numbers.
Now you want us to add 3.6% to that budget (~$27,500) just to get
authorization.

That's just this department.  Multiply by 30 for the rest of the
university: you're pushing hard for $1M.

It won't even be considered.

daemon@ATHENA.MIT.EDU (NESSETT@CCC.NMFECC.GOV)
Tue Dec 19 11:52:15 1989

From: NESSETT@CCC.NMFECC.GOV
To: KERBEROS@ATHENA.MIT.EDU

I'm sure I have used up or am close to using up the good will of the kerberos
developers by sustaining over the last few days a discussion of the relative
merits of centralized key distribution versus a certificate based approach.
Throughout, your remarks have been constructive and good tempered, a refreshing
change from other discussion lists in which I have participated.  I salute you.
However, I don't wish to push my luck and so I promise this will be the last
epistle of mine that mentions certificates (at least for a while).

On my part, I don't believe I have adequately defended the issue of certificate
cost, at least for a large number of sites such as many universities.
On the other hand, I don't believe the kerberos developers have adequately
addressed the issue of interoperability in a heterogeneous environment.

To those who raised other issues to which no response has yet appeared, I will
reply by private E-mail.

Cheers,

Dan Nessett

daemon@ATHENA.MIT.EDU (bede@LINUS.MITRE.ORG)
Tue Dec 19 15:40:16 1989

From: bede@LINUS.MITRE.ORG
To: kerberos@ATHENA.MIT.EDU

I'll add my 2 cents worth on this:  according to a paper published
in the most recent SOSP proceedings ("Operating Systems Review", Vol
23, No 5), X.509 is somewhat buggy -- to the extent that it is
possible to break the security of the scheme *without breaking the
key*.  This means that the encryption scheme -- RSA or otherwise --
isn't going to do X.509 any good.  According to the same paper,
kerberos doesn't share this weakness (in fact, the authors go as far
as to proclaim the kerberos scheme bug-free).  I'm quite open to
enlightenment on this, though, so if there is some other source which
successfully rebuts these conclusions, I'd be quite happy to be
corrected.

But for my part, this sort of revelation makes me wonder why anyone
should even consider using X.509, let alone adopt it as a standard.
And the question of actually paying for the privilege seems almost
absurd.


-Bede McCall

 MITRE Corp.          Internet: bede@mitre.org
 MS A114              UUCP: {decvax,philabs}!linus!bede
 Burlington Rd.
 Bedford, MA 01730    (617) 271-2839

daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Tue Dec 19 16:06:20 1989

From: jon@MIT.EDU (Jon A. Rochlis)
To: zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!bin@ohio-state.arp,
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Your message of 19 Dec 89 15:49:42 +0000.


   $12.50/user/year for
   certificates means I'd be spending over 1 percent of my budget *just for
   authorization*.
   
It's even worse.  All you're sure of getting is "authentication" (i.e.
you know who you're talking to), but not necessarily "authorization"
(i.e. what you are allowed to do).  You might get authorization by
using certificates as capabilities, but X.509 does not address such
uses.  All you can count on for "sure" is authentication.  If you only
get authentication you still need another system for managing your
authorization information (e.g. Athena's Moira Service Management
System).

		-- Jon

daemon@ATHENA.MIT.EDU (NESSETT@CCC.NMFECC.GOV)
Wed Dec 20 11:34:31 1989

From: NESSETT@CCC.NMFECC.GOV
To: KERBEROS@ATHENA.MIT.EDU

There was one item raised in the recent discussion of certificates that I feel
requires further comment.  At least two correspondents pointed out that a recent
paper in the Symposium on Operating System Principles notes a vulnerability in
X.509.  Not having received the proceedings of that symposium as yet, I asked
people who are members of the privacy and security research group if they had
seen the paper.  The chairman of that group, Steve Kent of BBN, sent me the
following reply.

---------------------------forwarded message-----------------------------

> Dan,

> 	The paper in SOSP notes a vulnerability in the 509 authentication
> protocol, which has nothing to do with our use of certificates in mail
> or with certificates in general.  It is a typical oversight in the
> protocol design for the three-way handshake and the paper even proposes
> a fix.  So, I don't see this criticism of 509 being a significant issue,
> just a condemnation of the sloppiness of the standards process.

> Steve

---------------------------end of forwarded message----------------------

Dan Nessett